Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello Experts - I am planning to replace our web filtering service next year and wanted to get some ideas and opinions on what works for you.  We're currently using Websense which I've never been a big fan of.  I'd like a solution that does a good job of clearly reporting web activity that can be easily understood by non-technical managers and helps prevent users from accessing sites that they shouldn't, preferably with an easy to use interface.  Please let me know what you think, thanks!
0
Cloud Class® Course: Microsoft Azure 2017
LVL 12
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Hi

One of my friend has an internet account with AOL and he has an email account and has been using from many years.
His email address is auser@aol.com

Recently I have been told that somehow email spoofing has happened. All the contacts in his mail have received an email from auser@aol.com with an attachment and his address to make it more genuine and even I have received an email as well.

When click download the attachment it is going to a one drive saying please click here. When I click there, it goes and asks to log in with yahoo, Gmail or 0365 accounts.
I was told that auser has reset his password on his email account and still able to access his email account.

Please let me know if the hacker has control over auser mail box now. Will it be the best way to send an email to all contacts in his email that his account has been hacked and to ignore the email that has been sent with pdf attachment comes from auser@aol.com.

Will it be best to suggest him to open a new Gmail account and if so how to inform all his contacts that his email address has been changed? To Gmail.

Any suggestion and help will be great.
Thanks
0
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
Is there a means of creating a GRE or IPSec tunnel over a Direct Connect connection between
AWS and a corporate network?
0
So my sonicwall 3600 went down. Sonicwall sent a replacement. I uploaded the saved configuration into the replacement and didn't notice any problems.

The next day, users say they can't access the VPN. After a half day talking to Sonicwall support, we figured out that users cannot access the VPN using their UPN as they used to on the old 3600 but can access it using their SAM.

L2TP / IPSEC with RADIUS (NPS) authentication. Funny thing is, the RADIUS server shows success (reasoncode 0) with both the UPN and SAM. Sonicwall's "Test" area in RADIUS shows Success when testing with UPN.

Thanks in advance!
0
Dear Experts

please let me know if remote users access the hosted applications which is on site through the internet of connection types: DSL/broad band connection or data cards/dongle with the security layer of VPN client access and with YubiKey enabling if this two are taken care will it be within the compliance of ISO27001 standards please suggest,  I want to understand without the MPLS VPN and leased line (site to site vpn)  will it be still possible to meet the iso27001 standards  please suggest.
0
Dear Experts

We have hosted application server which is web based in the head office and this application has to be accessed from remote site’s which are located at a distance, the remote site 1 and remote site 2 users to login to the application and work but they have to be limited to use this application only from within the remote site office premise network, should design the network extremely highly secured, following options I think of and as well few challenges and suggestion
1.Connect the Head office and two remote sites with MPLS VPN network with reputed service providers so that remote site users will access the application server within mpls vpn network
2. If in case service provider says mpls vpn connection is not feasible at remote sites then we have to go for the leased line circuit at all the three locations that is head office where the application server is hosted and at the remote site office 1 and at remote site office 2 and install strong firewall and connect all the 3 locations as site to site vpn connectivity we can go for cisico firewall or sonic.
3.If mpls vpn and also leased line both are not possible due to non-feasibility from service providers and we have left with an option broad band connectivity OR data cards/Dongle then how to achieve the extremely high security,  below is what I can think but I request an experts inputs and suggestions and possibility and recommendation
a) in this case users from the remote sites to be allowed to …
0
Dear Experts

We have to setup and IT infrastructure highly secured,  at head office application servers will be hosted and these applications are web-based this will be accessed from the remote branch office, please suggest is mpls hub and spoke OR IP-sec VPN login setup is recommended network and data security is to be highly secured, please suggest OR you may suggest some other option also, thanks in advance
0
I'm trying to setup a IPSEC tunnel between a Draytek 2860 and a Ubiquiti EdgeMax, I'm very familiar with Drayteks and have setup many tunels before, the EdgeMax is a new customer and I havent used these devices before but looking at the setup its fairly simple to add a IPSEC LAN to LAN.  I think its almost working, here are the logs from Draytek Syslog

1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoA[IPSEC][L2L][1:FEA][@5.2.120.190] IKE link timeout: state linking
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_HASH, Exchange Type = 0x5, Message ID = 0x17ebe5f9
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoADialing Node1 (FEA) : 5.2.120.190
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAInitiating IKE Main Mode to 5.2.120.190
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoA[IPSEC/IKE][L2L][1:FEA][@5.2.120.190] Initiating IKE Main Mode 
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAAccept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA 
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
…
0
ASA IPSEC tunnel configuration issue with SonicWALL Negotiation is failing
here is the failure log
ASAVPN01/pri/act# Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE Initiator: New Phase 1, Intf Lan, IKE Peer x.x.x.x  local Proxy Address 192.168.90.150, remote Proxy Address 10.252.1.1,  Crypto map (Internet_map)
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ISAKMP SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Fragmentation VID + extended capabilities payload
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 340
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 96
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ke payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing nonce payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Cisco Unity VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing xauth V6 VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Send IOS VID
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Apr 06 00:45:21 …
0
Cloud Class® Course: Certified Penetration Testing
LVL 12
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

I am in a world of DNS Hurt

It started after I registered my new domain:
bcmsamerica.com

and used the same Domain Registrar BlueHost as my partner:
banccertified.com

I then needed email accounts and used RackSpace to register 2 email accounts for
bcmsamerica.com

I pointed the MX records to RackSpace and they both worked, as expected.

I was not ready for a website of my own, and got the permission of my partner to point my domain at his site.

I tried various methods including a CNAME record, adding a WWW record, and finally got it to work.

I tried the email, but this time it failed.

I was told that the MX records of banccertified.com pointed to Zoho. So, I dropped RackSpace and used Zoho to host my two email addresses for bcmsamerica.com

It seemed all to work.

Until it stopped working.

Since then, I have gotten the following block coming from somewhere...

Blockage

I can not even type the domain directly without blockage. But sometimes it does work.

So I proceed to click the "Agent Logon" button at the bottom and the page is blocked for the route:
https://www.banccertified.com/marketing

I tried this from my iPhone, and it works. I tried in my three browsers on my Mac, and they all fail.

I used my Tablet, and that also was blocked.

What could be the problem?

Did my router get black-listed somewhere?

I accidentally tried my tablet using my home router, and it was blocked. When I then connected my tablet …
0
Hi Everyone

I have recently started a new job and I am just looking at the existing infrastructure and listing areas that I think should be changed or improved.  There appears to be a few !!

The first thing I've noticed is that we are currently using a PPTP VPN connection which is set up on a RAS server.  From what I know, PPTP is no longer recommended and is not secure.

We have a Xyxel ZyWALL 1050 firewall that appears to offer both IPSec and SSL VPN connections.  Would it be better to use this as opposed to a software VPN as we currently have ?

As far as I can gather there are not a lot of VPN users, and my plan is to only provide VPN accounts to those with company issued laptops.  I think currently people are connecting in with all sorts of different devices, which I guess in itself is not a problem but as I have doubts about how the VP is working at the moment I would like to get away from that and just assign VPN accounts to those that need them.

I have set up an Open VPN server on my home network, so I have done a bit of work on this before but otherwise I'm a relative newbie.

Thanks
Matthew
0
I have an intermittent SSL handshake failure from one of our business partners: TLS 1.2 Alert Level Fatal: Certificate Unknown.
The error message is see at the packet level in packet from the client to the server (load balancer VIP.) Everything will work
for days or weeks and then suddenly these errors kick in with no change to our load balancer setup.  Can anyone hazard
a guess as to what's going on?
0
We have a remote site connected to the main office via a site to site VPN.  Main office has a very beefy terminal server with a separate Dell DAS device and a fast coax internet connection.  The remote site has very few internet options.  We're running a 40mb down, 10mb up connection for them now.  The issue we're having is that the users at the remote site have dual 4k resolution monitors and when they are viewing large PDF's of building plans, the scrolling is very slow.  Also, switching between programs on the TS is slow.  We can't lower the screen quality because they need to be able to see the plans at max resolution.  They also access 2 or 3 applications that access a database at the main location.  So once the software opens on the TS, it's much faster than using it over the VPN.  

Would a Sonicwall WAN accelerator help?  What else could I look at doing to increase response times on the terminal server but not reduce image quality?
0
We have a site to site IPSEC vpn up and running and communicate to each security appliance, the gateways and VLANs We have connected laptops and other devices and can traverse back and forth.  However, Site A has a vcenter server and we are trying to add two hosts on Site B to the site a vcenter.  I can ping the hosts from site A, and ping B and vice versa. However, I cannot get access from site A to the ESXi Host on site B.  Is there a TCP/UDP necessary to connect to the host?
0
Hello,

Our team is being told to investigate whether our Windows infrastructure contains misconfig encryption.  

I sample a few WIN2012 web servers, open up the registry and look at the secured channel settings.  I see TLS 1.1 client and TLS 1.1 server are enabled.  Some servers have SSL 2.0 client presents but not enabled.  No SSL 3 or TLS present.

Would somone educate me how the secured channel protocols being added into the registry?  

I understand that SSL 2 and 3 are old and they should be disabled.  What is the best way to ensure the disable process will not affect our current applications?

I usually deal with adding secured certificates to the web servers but do not pay attention of what schannel protcol is used.  

Thank you very much.
0
I have a sonicwall nsa2650 and i have an nvr with poe ports on the back that have an internal dhcp server controlling them on a 10.0.0.x subnet. I want to access those ports from my laptop when connected via global vpn client.  sonicwall has x1 and x2 as wan, x0 as lan on 10.10.30.x, and I have plugged one of the nvr ports into x3 on sonicwall.  I need help configuring sonicwall so that I can navigate to the 10.0.0.x subnet
0
Looking for a cost effective appliance based VPN solutions (Preferably clientless), for small business.
Thoughts/ideas/recommendations?

We have a number of small clients that we have been using the Netgear fVS-336s with a lot of success but they are no longer supporting it.
Some users remain on as much as 8-10 hours per day.

Thanks!
0
We use TITAN FTP server v11.x.
Having an issue where a clients IP keeps getting blacklisted.
In the logs, i can see that they are logging in with the wrong user ID one time and immediately getting banned.
In settings at user level I have turned off the settings to ban after X attempts, and added their IP to the Client level whitelist.

Logs are below showing the user getting banned. Any idea why the action is so quick and severe? any way to make it a little more forgiving ?

2018-03-01 12:53:37 [2/1256/84c] New incoming connection from IP address: 65.116.210.66, port: 40982, socket=1488
2018-03-01 12:53:37 [2/1256/84c] OnPostCreation(pBaseCxn=0x852fb80,socket=1488), sending the '220 Welcome' message
2018-03-01 12:53:37 [2/1488/84c] RESPONSE: 220 Titan FTP Server 11.30.2350 Ready.
2018-03-01 12:53:37 [2/1488/84c] COMMAND: USER [dayco@ftp.completeshipping.ca] ***
2018-03-01 12:53:37 [2/1488/84c] Trying to find user:dayco@ftp.completeshipping.ca
2018-03-01 12:53:37 [2/1488/84c] User "dayco@ftp.completeshipping.ca" not found, we will fail in PASS.; returning 331
2018-03-01 12:53:37 [2/1488/84c] FindUserEx("dayco@ftp.completeshipping.ca") returned Success.
2018-03-01 12:53:37 [2/1488/84c] Adding random sleep activity for 23ms to deter hacker from realizing username is invalid
2018-03-01 12:53:37 [2/1488/84c] RESPONSE: 331 User name okay, need password.
2018-03-01 12:53:37 [2/1488/84c] COMMAND: PASS <hidden>
2018-03-01 12:53:37 [2/1488/84c] User 

Open in new window

0
Cloud Class® Course: C++ 11 Fundamentals
LVL 12
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Does Microsoft's Anti-XSS Library block:

HTTP Splitting and Cache Poisoning?

These are new concepts to me, so surely I need to spend more time reading this article:

http://chousensha.github.io/blog/2014/08/15/pentest-lab-webgoat/

If you have the time... :)

Which vulnerability is NOT blocked by Microsoft's Anti-XSS Library?

Thanks
0
How Vulnerable are query string parameters and their values?

I am curious how vulnerable a website is to hacking that has little validation on the query string params.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.
0
Hello

We are in the process of changing our 3x site IPSec VPN to a stage migration to MPLS, so single firewall.

Stage one is to get site 1 on MPLS first and leverage some of the newer features of the hosted firewall while still routing traffic across the site to site vpns accordingly.

First change we (on prem) need to do is re-configure a number of ports in the switch to accomodate the new on prem router(s).

Currently we have HSRP (i think) on the CPE which terminates on the HP L3 (2920 poe) switch.  Its currently using a Vlan with no IP address associated and has a ports connected to the two routers.
The two other vlans we have are for voice and data and each vlan has a connection to the firewall which has the two vlans configured.

The new provider would like to use trunk ports to get away from the multiple ports to multiple vlans.   Any pointers here in terms of configuration on the switch and if this can be done without changing the existing config (should all go wrong)?

thanks
0
Assessing Vulnerability from URL parameters

I am in the processing of helping secure a .NET website against URL hacking. So I have spent some time adding a whitelist of valid domains and sub-domains. But what about query parameters?

My instincts are to add a second whitelist of valid query string parameters, but does that do anything to protect me?

I suppose a determined hacker could, with time and experimentation, find a query string param that has some exploitation value.

What do you think?

My worry is that whitelist of query string params may be difficult to generate, as this website is quite large. And there is always a risk of rejecting a legitimate request. The query string exposure is about revealing key data in the URL, but I am asking whether there is value in asserting that each query string param is in a whitelist of such params?

So, this is a customer service versus hack risk, threat assessment. And if there is little or no measurable reduction in threat, then this parameter whitelist could cause more harm than good.

Thoughts?

Thanks.


Thanks.
0
Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Thanks
0
I had an attack on my site last night and I was looking in /varlog/messages and I see these entries happening every second

Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=mara] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=tigers] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=tigers] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2716]:                 : auth failure: [user=josie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2715]:                 : auth failure: [user=josie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=stephanie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=stephanie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:11 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=amanda] [service=smtp] 

Open in new window

0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Top Experts In
Internet Protocol Security
<
Monthly
>