Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Because I am taking over for an ex-employee, I am tasked with finding out why a visitor whose logged-in session has timed out (24 hours after inactivity) can still see certain things that they should only be able to see when logged in, like special pricing. It was originally designed this way because the boss wanted government customers who had logged in at some point to always be able to see their government pricing, whether they were currently logged in or not. Now that decision has been reversed, and we only want them to see their government pricing if their current logged-in session is valid.

We use Symfony2 on Unix/Apache, if that matters.

I have no idea if it's a cookie, a session, or whatever else.

I know we utilize both, but I don't know if the answer lies in either place.
I have a Netgear FVS318N, and it has worked great for our needs in a small business.
Of course, Netgear is no longer supporting any UTM or small business firewall VPN routers.
What is a good alternative at this level of firewall with good VPN, IPsec or SSL VPN?
We really don't want to spend $2000 or even $1000; is there anything in that mid range? The Netgear FVS318 was only about $200.
Any suggestions? Thanks.
Draytek to Cisco ASA IPsec VPN issue
I am sure it's just a mismatch, but I wondered if anyone with more knowledge can tell me what to change on the Draytek to get it to connect.

Draytek set to:
Dial Out
IKEv1
Pre-shared key entered
High (ESP)
AES (with encryption)
  Phase 1 proposal: auto
  Phase 2 proposal: AES256_SHA256
Key 1 lifetime: 86400
Key 2 lifetime: 3600
PFS: enable
Local ID: blank


Here is the Cisco config for the VPN:

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400


crypto map site-to-site 100 match address CCTV-TSI-VPN
crypto map site-to-site 100 set pfs
crypto map site-to-site 100 set peer 8x.xx.xx.xx
crypto map site-to-site 100 set ikev1 transform-set ESP-AES256-SHA
crypto map site-to-site 100 set security-association lifetime seconds 3600
crypto map site-to-site 100 set security-association lifetime kilobytes 4608000
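The mismatch the question is asking about can be found mechanically rather than by trial and error. What follows is an added example, not DrayTek's or Cisco's code and not part of the original post: it normalises both sides' proposal names into one vocabulary and intersects them the way an IKEv1 responder walks the initiator's proposal list. Assumptions are marked in the code: the contents of the DrayTek "Phase 1 proposal: auto" list and its PFS group are not shown in the post, "AES256_SHA256" is read as ESP AES-256 with HMAC-SHA-256, and `set pfs` with no group argument is taken as group 2, the ASA default.

```python
"""Check IKEv1 phase 1 / phase 2 proposal compatibility between two peers.

Added example, not DrayTek's or Cisco's code. Vendor spellings are normalised
to one vocabulary and the initiator's proposal list is intersected with the
responder's in offer order, which is how the responder picks one.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Assumed mapping of vendor spellings to a single vocabulary.
ENCR = {"aes-256": "aes256", "aes256": "aes256", "aes-128": "aes128",
        "aes128": "aes128", "3des": "3des"}
INTEG = {"sha": "sha1", "sha1": "sha1", "esp-sha-hmac": "sha1",
         "sha256": "sha256", "esp-sha256-hmac": "sha256",
         "md5": "md5", "esp-md5-hmac": "md5"}


@dataclass(frozen=True)
class Proposal:
    encr: str
    integ: str
    dh: Optional[int]  # phase 1: IKE DH group; phase 2: PFS group (None = no PFS)


def draytek_phase2(name: str, pfs_group: Optional[int]) -> Proposal:
    """'AES256_SHA256' from the DrayTek GUI, read as ESP AES-256 / HMAC-SHA-256 (assumption)."""
    enc, integ = name.lower().split("_")
    return Proposal(ENCR[enc], INTEG[integ], pfs_group)


def asa_transform_set(line: str, pfs_group: Optional[int]) -> Proposal:
    """Parse 'crypto ipsec ikev1 transform-set NAME esp-aes-256 esp-sha-hmac'."""
    enc, integ = line.split()[-2:]
    return Proposal(ENCR[enc[len("esp-"):]], INTEG[integ], pfs_group)


def asa_ikev1_policy(block: str) -> Proposal:
    """Parse the encryption / hash / group lines of a 'crypto ikev1 policy' block."""
    attrs = {}
    for raw in block.strip().splitlines():
        key, _, value = raw.strip().partition(" ")
        attrs[key] = value
    return Proposal(ENCR[attrs["encryption"]], INTEG[attrs["hash"]], int(attrs["group"]))


def negotiate(offered: list[Proposal], accepted: list[Proposal]):
    """First offered proposal the responder accepts, else attribute-level reasons for rejection."""
    for p in offered:
        if p in accepted:
            return p, []
    reasons = set()
    for p in offered:
        for q in accepted:
            for attr in ("encr", "integ", "dh"):
                a, b = getattr(p, attr), getattr(q, attr)
                if a != b:
                    reasons.add(f"{attr}: initiator {a} vs responder {b}")
    return None, sorted(reasons)


# Inputs from the question. The DrayTek "Phase 1 proposal: auto" list and its
# PFS group are not shown in the post; both are assumed here.
DRAYTEK_P1 = [Proposal("aes256", "sha256", 14), Proposal("aes256", "sha1", 2),
              Proposal("3des", "sha1", 2)]
DRAYTEK_P2 = [draytek_phase2("AES256_SHA256", pfs_group=2)]
ASA_P1 = [asa_ikev1_policy("""
    crypto ikev1 policy 5
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400""")]
# 'crypto map ... set pfs' with no group argument means group 2 on the ASA.
ASA_P2 = [asa_transform_set(
    "crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac", pfs_group=2)]


def check() -> dict:
    p1, why1 = negotiate(DRAYTEK_P1, ASA_P1)
    p2, why2 = negotiate(DRAYTEK_P2, ASA_P2)
    return {"phase1": p1, "phase1_reasons": why1, "phase2": p2, "phase2_reasons": why2}


if __name__ == "__main__":
    for name, value in check().items():
        print(f"{name}: {value}")
```

With these inputs phase 1 agrees on AES-256 / SHA-1 / group 2, while phase 2 fails on integrity: the DrayTek offers SHA-256 and the ASA transform set `esp-sha-hmac` only accepts SHA-1. Either add a transform set with `esp-aes-256 esp-sha256-hmac` on the ASA or offer AES256_SHA1 from the DrayTek, and confirm the PFS group on both ends before looking further.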
How to secure my browser from hijacking and get rid of annoying pop-ups?
I have 2 sites connected via IPsec VPN but I cannot connect to services across this VPN.

The tunnel is active and I can send ICMP in either direction, but I can't connect to any of the internal resources. This had been working previously for a while (years) without issue and just recently cropped up; no changes have been made to the networks.

Site A: 192.168.1.0/24
Using a Ubiquiti EdgeMax router, firmware 1.10.5

Site B: 192.168.2.0/24
Using a Cisco RV042

auto-firewall-nat-exclude is enabled, can ping across VPN, running latest firmware, rebooted device, rekeyed the tunnel, destination server firewall is allowing incoming traffic.

Here is my tunnel SA and a ping showing that I can get across.

(attached screenshot: unifisa.PNG)

I can also ping from the remote site to 192.168.1.0/24.

From Site A I can access a local website at Site B, but I cannot connect to local resources at Site A from Site B, which is what we really need.
Will submitting a login form with a POST request over HTTPS be enough security, or are there other precautions I should take? This project is also being built in Angular, if there are any specific considerations.
I'm looking for some guidance on how to allow remote users to access system applications. We are currently running a phase 1 setup where users are sent home with company equipment and use SonicWall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is a way for a user to have equipment at home, use a secure VPN connection with the SonicWall Global VPN Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PCs with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I currently have two Windows Server 2016 servers running my main system, including DNS and Active Directory, among other core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built-in Hyper-V? Would I use VMware in some way?

The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface, but the way our applications are set up they would require a direct connection, and so I don't know if Citrix and the like would work, though I am looking into this as well.

We have hundreds of available DHCP over VPN connections through our …
Hello Experts - I am planning to replace our web filtering service next year and wanted to get some ideas and opinions on what works for you. We're currently using Websense, which I've never been a big fan of. I'd like a solution that does a good job of clearly reporting web activity in a way that can be easily understood by non-technical managers and helps prevent users from accessing sites that they shouldn't, preferably with an easy-to-use interface. Please let me know what you think; thanks!
How to set up an IPsec VPN between MikroTik and FortiGate routers
Hi

One of my friends has an internet account with AOL and has been using his email account for many years.
His email address is auser@aol.com

Recently I have been told that somehow email spoofing has happened. All the contacts in his mailbox have received an email from auser@aol.com with an attachment and his address, to make it look more genuine, and even I have received one as well.

When I click to download the attachment, it goes to a OneDrive page saying "please click here". When I click there, it asks me to log in with Yahoo, Gmail or O365 accounts.
I was told that auser has reset the password on his email account and is still able to access his email account.

Please let me know if the hacker has control over auser's mailbox now. Would it be best to send an email to all the contacts in his email saying that his account has been hacked and to ignore the email with the PDF attachment that comes from auser@aol.com?

Would it be best to suggest he open a new Gmail account, and if so, how to inform all his contacts that his email address has changed to Gmail?

Any suggestion and help will be great.
Thanks
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seemed like the resolution, doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detection.html

I have a UniFi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets, the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However, if a site is on a different octet, then they cannot communicate due to "IP Spoofing" detection.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution, but I don't know if they can come up with anything.

The server site ISP WAN IP has a /30 netmask.
Is there a means of creating a GRE or IPsec tunnel over a Direct Connect connection between AWS and a corporate network?
So my SonicWall 3600 went down. SonicWall sent a replacement. I uploaded the saved configuration into the replacement and didn't notice any problems.

The next day, users said they couldn't access the VPN. After half a day talking to SonicWall support, we figured out that users cannot access the VPN using their UPN as they used to on the old 3600, but can access it using their SAM account name.

L2TP/IPsec with RADIUS (NPS) authentication. Funny thing is, the RADIUS server shows success (reason code 0) with both the UPN and SAM. SonicWall's "Test" area in RADIUS shows Success when testing with the UPN.

Thanks in advance!
Dear Experts

Please let me know: if remote users access the hosted applications, which are on site, through internet connections of the types DSL/broadband or data cards/dongles, with the security layer of VPN client access and with YubiKey enabled, and these two measures are taken care of, will that be within compliance with the ISO 27001 standard? Please suggest. I want to understand whether, without the MPLS VPN and leased line (site-to-site VPN), it will still be possible to meet the ISO 27001 standard. Please suggest.
Dear Experts

We have a hosted application server, which is web-based, in the head office, and this application has to be accessed from remote sites which are located at a distance. The remote site 1 and remote site 2 users log in to the application and work, but they have to be limited to using this application only from within the remote site office premises network. We should design the network to be extremely highly secured. The following are the options I am thinking of, as well as a few challenges, and I would welcome suggestions:
1. Connect the head office and the two remote sites with an MPLS VPN network from reputed service providers, so that remote site users will access the application server within the MPLS VPN network.
2. If the service provider says an MPLS VPN connection is not feasible at the remote sites, then we have to go for leased line circuits at all three locations, that is the head office where the application server is hosted and remote site office 1 and remote site office 2, install a strong firewall, and connect all 3 locations with site-to-site VPN connectivity; we can go for a Cisco firewall or SonicWall.
3. If MPLS VPN and also leased line are both not possible due to non-feasibility from service providers and we are left with the option of broadband connectivity or data cards/dongles, then how do we achieve extremely high security? Below is what I can think of, but I request experts' inputs, suggestions and recommendations on what is possible.
a) In this case users from the remote sites are to be allowed to …
Dear Experts

We have to set up a highly secured IT infrastructure. At the head office, application servers will be hosted, and these applications are web-based; they will be accessed from the remote branch office. Please suggest whether an MPLS hub-and-spoke or an IPsec VPN login setup is the recommended network; network and data security are to be highly secured. Please suggest, or you may suggest some other option also. Thanks in advance.
I'm trying to set up an IPsec tunnel between a Draytek 2860 and a Ubiquiti EdgeMax. I'm very familiar with Drayteks and have set up many tunnels before; the EdgeMax is a new customer and I haven't used these devices before, but looking at the setup it's fairly simple to add an IPsec LAN-to-LAN. I think it's almost working; here are the logs from the Draytek syslog:

141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  [IPSEC][L2L][1:FEA][@5.2.120.190] IKE link timeout: state linking
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  IKE ==>, Next Payload=ISAKMP_NEXT_HASH, Exchange Type = 0x5, Message ID = 0x17ebe5f9
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  Dialing Node1 (FEA) : 5.2.120.190
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  Initiating IKE Main Mode to 5.2.120.190
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  [IPSEC/IKE][L2L][1:FEA][@5.2.120.190] Initiating IKE Main Mode
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  Accept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA
141  2018-04-09 10:18:02  Apr  9 10:17:51  Systemagic_BoA  IKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
…
ASA IPsec tunnel configuration issue with SonicWALL: negotiation is failing
Here is the failure log:
ASAVPN01/pri/act# Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE Initiator: New Phase 1, Intf Lan, IKE Peer x.x.x.x  local Proxy Address 192.168.90.150, remote Proxy Address 10.252.1.1,  Crypto map (Internet_map)
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ISAKMP SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Fragmentation VID + extended capabilities payload
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 340
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 96
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ke payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing nonce payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Cisco Unity VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing xauth V6 VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Send IOS VID
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Apr 06 00:45:21 …
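Both of the preceding posts, the DrayTek-to-EdgeMax syslog and the ASA-to-SonicWALL IKEv1 debug, show the same thing in two vendor formats: which ISAKMP messages went out, which came back, and where the exchange stopped. The example below is added here and is not DrayTek's or Cisco's code; it parses both line formats into one event record and reports how far main mode got. The sample log text is copied from the two posts (with the DrayTek syslog columns separated), lines are processed in the order given, and the "IKE link timeout" line is counted but not otherwise interpreted.

```python
"""Normalise IKEv1 negotiation lines from a DrayTek syslog and a Cisco ASA
IKEv1 debug into one event record and report how far phase 1 got.

Added example, not DrayTek's or Cisco's code. Samples are copied from the
posts above; lines are processed in the order given.
"""
import re
from dataclasses import dataclass
from typing import Optional

EXCHANGE = {0x2: "main mode", 0x4: "aggressive mode",
            0x5: "informational", 0x20: "quick mode"}
# The first payload of a main-mode message identifies which of the six it is.
MM_STEP = {"SA": "1/2 (proposal)", "KE": "3/4 (DH key exchange + nonce)",
           "ID": "5/6 (identity + authentication)"}

DRAYTEK_RE = re.compile(r"IKE (==>|<==), Next Payload=ISAKMP_NEXT_(\w+), "
                        r"Exchange Type = (0x[0-9a-fA-F]+), Message ID = (0x[0-9a-fA-F]+)")
ASA_RE = re.compile(r"IKE_DECODE (SENDING|RECEIVED) Message \(msgid=(\w+)\) "
                    r"with payloads : (.*?) total length")


@dataclass
class Event:
    direction: str   # "out" (we sent) or "in" (peer sent)
    exchange: str
    msgid: int
    payloads: tuple  # payload types in wire order, HDR and NONE dropped


def parse_line(line: str) -> Optional[Event]:
    m = DRAYTEK_RE.search(line)
    if m:
        arrow, first, xt, mid = m.groups()
        return Event("out" if arrow == "==>" else "in",
                     EXCHANGE.get(int(xt, 16), xt), int(mid, 16), (first,))
    m = ASA_RE.search(line)
    if m:
        verb, mid, plist = m.groups()
        payloads = tuple(p.split()[0] for p in plist.split(" + ")
                         if not p.startswith(("HDR", "NONE")))
        msgid = int(mid, 16)
        # The ASA line carries no exchange type; msgid 0 is phase 1.
        return Event("out" if verb == "SENDING" else "in",
                     "phase 1" if msgid == 0 else "phase 2 / informational",
                     msgid, payloads)
    return None


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]


def progress(events: list) -> str:
    """Describe the last phase-1 message seen and who sent it."""
    p1 = [e for e in events if e.exchange in ("main mode", "phase 1")]
    if not p1:
        return "no phase 1 messages seen"
    last = p1[-1]
    step = MM_STEP.get(last.payloads[0], last.payloads[0])
    if last.direction == "out":
        return f"stalled after we sent main-mode message {step}: no reply within the captured lines"
    return f"last phase-1 message was from the peer: {step}"


def summarise(text: str) -> dict:
    events = parse_log(text)
    return {
        "events": len(events),
        "timeouts": sum("IKE link timeout" in line for line in text.splitlines()),
        "proposal_accepted": any(k in text for k in ("Accept Phase1", "Oakley proposal is acceptable")),
        "progress": progress(events),
    }


# Sample lines copied from the two posts (constructed test input for this example).
DRAYTEK_LOG = """\
Apr  9 10:17:51 Systemagic_BoA [IPSEC][L2L][1:FEA][@5.2.120.190] IKE link timeout: state linking
Apr  9 10:17:51 Systemagic_BoA IKE ==>, Next Payload=ISAKMP_NEXT_HASH, Exchange Type = 0x5, Message ID = 0x17ebe5f9
Apr  9 10:17:51 Systemagic_BoA Initiating IKE Main Mode to 5.2.120.190
Apr  9 10:17:51 Systemagic_BoA IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
Apr  9 10:17:51 Systemagic_BoA IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
Apr  9 10:17:51 Systemagic_BoA Accept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA
Apr  9 10:17:51 Systemagic_BoA IKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
"""
ASA_LOG = """\
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE Initiator: New Phase 1, Intf Lan, IKE Peer x.x.x.x  local Proxy Address 192.168.90.150, remote Proxy Address 10.252.1.1,  Crypto map (Internet_map)
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 340
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 96
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
"""

if __name__ == "__main__":
    for name, text in (("DrayTek", DRAYTEK_LOG), ("ASA", ASA_LOG)):
        print(name, summarise(text))
```

On the DrayTek excerpt the phase-1 proposal is accepted and the last thing we sent is the KE payload (main-mode message 3) with nothing back in the captured lines; on the ASA excerpt the proposal is likewise accepted and the capture ends with the peer's SA reply. A proposal that is accepted but a KE that goes unanswered points at the step after the proposal (DH group, NAT between the peers, or the far side dropping the packet), not at the cipher list, which is where the rest of each debug should be read.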
I am in a world of DNS hurt.

It started after I registered my new domain:
bcmsamerica.com

and used the same domain registrar, BlueHost, as my partner:
banccertified.com

I then needed email accounts and used Rackspace to register 2 email accounts for
bcmsamerica.com

I pointed the MX records to Rackspace and they both worked, as expected.

I was not ready for a website of my own, and got the permission of my partner to point my domain at his site.

I tried various methods, including a CNAME record and adding a WWW record, and finally got it to work.

I tried the email, but this time it failed.

I was told that the MX records of banccertified.com pointed to Zoho. So I dropped Rackspace and used Zoho to host my two email addresses for bcmsamerica.com.

It all seemed to work.

Until it stopped working.

Since then, I have gotten the following block coming from somewhere...

(attached screenshot: Blockage)

I cannot even type the domain directly without blockage. But sometimes it does work.

So I proceed to click the "Agent Logon" button at the bottom, and the page is blocked for the route:
https://www.banccertified.com/marketing

I tried this from my iPhone, and it works. I tried in my three browsers on my Mac, and they all fail.

I used my tablet, and that also was blocked.

What could be the problem?

Did my router get black-listed somewhere?

I accidentally tried my tablet using my home router, and it was blocked. When I then connected my tablet …
Hi Everyone

I have recently started a new job and I am just looking at the existing infrastructure and listing areas that I think should be changed or improved. There appear to be a few!!

The first thing I've noticed is that we are currently using a PPTP VPN connection which is set up on a RAS server. From what I know, PPTP is no longer recommended and is not secure.

We have a Zyxel ZyWALL 1050 firewall that appears to offer both IPsec and SSL VPN connections. Would it be better to use this as opposed to the software VPN we currently have?

As far as I can gather there are not a lot of VPN users, and my plan is to only provide VPN accounts to those with company-issued laptops. I think currently people are connecting in with all sorts of different devices, which I guess in itself is not a problem, but as I have doubts about how the VPN is working at the moment I would like to get away from that and just assign VPN accounts to those that need them.

I have set up an OpenVPN server on my home network, so I have done a bit of work on this before, but otherwise I'm a relative newbie.

Thanks
Matthew
I have an intermittent SSL handshake failure from one of our business partners: TLS 1.2 Alert Level Fatal: Certificate Unknown.
The error message is seen at the packet level in a packet from the client to the server (load balancer VIP). Everything will work for days or weeks and then suddenly these errors kick in, with no change to our load balancer setup. Can anyone hazard a guess as to what's going on?
We have a remote site connected to the main office via a site-to-site VPN. The main office has a very beefy terminal server with a separate Dell DAS device and a fast coax internet connection. The remote site has very few internet options. We're running a 40 Mb down, 10 Mb up connection for them now. The issue we're having is that the users at the remote site have dual 4K resolution monitors, and when they are viewing large PDFs of building plans, the scrolling is very slow. Also, switching between programs on the TS is slow. We can't lower the screen quality because they need to be able to see the plans at max resolution. They also access 2 or 3 applications that access a database at the main location. So once the software opens on the TS, it's much faster than using it over the VPN.

Would a SonicWall WAN accelerator help? What else could I look at doing to increase response times on the terminal server but not reduce image quality?
We have a site-to-site IPsec VPN up and running and can communicate with each security appliance, the gateways and the VLANs. We have connected laptops and other devices and can traverse back and forth. However, Site A has a vCenter server and we are trying to add two hosts at Site B to the Site A vCenter. I can ping the hosts from Site A, and ping B and vice versa. However, I cannot get access from Site A to the ESXi host at Site B. Is there a TCP/UDP port necessary to connect to the host?
Hello,

Our team is being told to investigate whether our Windows infrastructure contains misconfigured encryption.

I sampled a few Win2012 web servers, opened up the registry and looked at the secure channel settings. I see TLS 1.1 client and TLS 1.1 server are enabled. Some servers have an SSL 2.0 client key present but not enabled. No SSL 3 or other TLS keys are present.

Would someone educate me on how the secure channel protocols are added into the registry?

I understand that SSL 2 and 3 are old and should be disabled. What is the best way to ensure the disable process will not affect our current applications?

I usually deal with adding secure certificates to the web servers but do not pay attention to what schannel protocol is used.

Thank you very much.
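The registry keys the post describes live under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, one subkey per protocol with Client and Server beneath it, and two DWORD values: Enabled (0 switches the protocol off for every Schannel caller) and DisabledByDefault (1 means it is not offered unless an application explicitly asks for it); when a key is absent the operating system default for that Windows version applies, which is why "not present" and "disabled" are not the same thing. The example below is added here and is not Microsoft's code: it models the registry as a dict so the logic runs anywhere, evaluates each protocol and side the way Schannel reads those values, and lists what a hardening review would flag on the servers described. The snapshot is constructed to match the post; treating a subkey that exists without an Enabled value as enabled, and the assumed reading of "enabled" for any non-zero value, are assumptions marked in the code.

```python
"""Evaluate Schannel protocol settings the way Windows reads them and flag
what a hardening review would raise.

Added example, not Microsoft's code. The registry is modelled as a dict so
the logic runs anywhere; read_live_registry() builds the same dict on Windows.
  Enabled = 0            protocol hard off for every Schannel caller
  DisabledByDefault = 1  not offered unless the application asks for it
  key absent             the OS default for that Windows version applies
A subkey present without an Enabled value is treated as enabled (assumption).
"""
REG_ROOT = r"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
PROTOCOLS = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2")
SIDES = ("Client", "Server")


def reg_key(protocol: str, side: str) -> str:
    return "\\".join((REG_ROOT, protocol, side))


# Constructed snapshot matching the servers described in the post: TLS 1.1
# explicitly enabled on both sides, an SSL 2.0 Client key present but
# disabled, and no other protocol keys at all.
SAMPLE_REGISTRY = {
    reg_key("TLS 1.1", "Client"): {"Enabled": 1, "DisabledByDefault": 0},
    reg_key("TLS 1.1", "Server"): {"Enabled": 1, "DisabledByDefault": 0},
    reg_key("SSL 2.0", "Client"): {"Enabled": 0},
}


def protocol_state(registry: dict, protocol: str, side: str) -> str:
    values = registry.get(reg_key(protocol, side))
    if values is None:
        return "os default"
    if values.get("Enabled", 1) == 0:          # any non-zero value counts as on
        return "disabled"
    if values.get("DisabledByDefault", 0) != 0:
        return "enabled, not offered by default"
    return "enabled"


def audit(registry: dict) -> dict:
    """Findings keyed 'protocol/side': SSL 2.0/3.0 must be explicitly off, TLS 1.2 explicitly on."""
    findings = {}
    for proto in PROTOCOLS:
        for side in SIDES:
            state = protocol_state(registry, proto, side)
            if proto in ("SSL 2.0", "SSL 3.0") and state != "disabled":
                findings[f"{proto}/{side}"] = f"{state}: set Enabled=0 rather than relying on the OS default"
            elif proto == "TLS 1.2" and state != "enabled":
                findings[f"{proto}/{side}"] = f"{state}: set Enabled=1, DisabledByDefault=0 before removing older protocols"
    return findings


def hardening_values(registry: dict) -> dict:
    """Values to write for each finding (returned, not applied; a reboot is needed after writing them)."""
    plan = {}
    for key in audit(registry):
        proto, side = key.split("/")
        off = proto in ("SSL 2.0", "SSL 3.0")
        plan[reg_key(proto, side)] = {"Enabled": 0 if off else 1, "DisabledByDefault": 1 if off else 0}
    return plan


def read_live_registry() -> dict:
    """Windows only: build the same dict from HKLM with the standard-library winreg module."""
    import winreg
    out = {}
    for proto in PROTOCOLS:
        for side in SIDES:
            sub = reg_key(proto, side)
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as key:
                    vals = {}
                    for name in ("Enabled", "DisabledByDefault"):
                        try:
                            vals[name] = winreg.QueryValueEx(key, name)[0]
                        except FileNotFoundError:
                            pass
                    out[sub] = vals
            except FileNotFoundError:
                pass
    return out


if __name__ == "__main__":
    for key, note in sorted(audit(SAMPLE_REGISTRY).items()):
        print(f"{key:16} {note}")
```

On the constructed snapshot the SSL 2.0 Client entry passes, while SSL 2.0 Server, both SSL 3.0 sides and both TLS 1.2 sides are flagged because they rely on the OS default. For the "will it break applications" question, the two values give a staged approach: DisabledByDefault=1 leaves a protocol available to applications that explicitly request it, so it is the gentler first step while you confirm nothing still needs it; Enabled=0 is the hard switch. Changes take effect after a reboot.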
I have a SonicWall NSA 2650 and an NVR with PoE ports on the back that have an internal DHCP server controlling them on a 10.0.0.x subnet. I want to access those ports from my laptop when connected via the Global VPN Client. The SonicWall has X1 and X2 as WAN, X0 as LAN on 10.10.30.x, and I have plugged one of the NVR ports into X3 on the SonicWall. I need help configuring the SonicWall so that I can navigate to the 10.0.0.x subnet.
