[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have about two dozen remote sites that I need to create VPN tunnel.  I have Checkpoint FW cluster here.  The 23 remote sites either have Cisco, Forcepoint, Palo Alto or Juniper firewalls.  Using IPSEC, I need a good plan for setting up individual tunnels to these disparate sites.  I have a general understanding of IPSEC but not the specifics for configuring each firewall.

Can you point me to good literature, or links, or video media that helps me lay out a plan for gathering all the information needed for/from each customer to roll out these VPNs?
1
OWASP: Forgery and Phishing
LVL 12
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

WordPress site getting SPAMMED, not sure how to stop it.

My website, FortressHarvard.com

has a Download button, and when you fill your Name and Email, then click the button, you get an email with the URL to my book's Preface and Chapter 1. Also, I get an email to my "info@" email's inbox with the name and email of the person requesting the downloading.

I am getting spammed there, by some sort of robot, and do not know how to stop it.

This started yesterday morning, and continued every few minutes, non-stop. I even added a CAPTA requirements this morning, but that had no impact.

How do I stop this SPAM?

Thanks
0
How does password reset works in international locations with MFA.  Here in US I can input a phone number in AD Mobile field. example +1-415-111-1111
Then it sends a code to the phone and you confirm.  Would it work with international locations?  Example China +86-180-1111-1111

https://passwordreset.microsoftonline.com/
0
I have multiple sites on my internal network all connected with IPSec tunnels.   Each site has a Windows domain controller.  In addition to the domain controller, each site also has a NAS which serves as a file server.   My issue is this.    I want to publish a specific DNS name within one of the internal zones.   Assign each site a version of this name that points to the local NAS device.      I have all the IP information defined in sites and services.   When I have the DNS name something like mydnsname.mydomain.com I want the systems to return the IP of the local device.  What I'm seeing is from corporate, when I reference the device I'm getting random responses from across all of the offices.    
  Is there a way to make DNS prefer IP's on the site I sit on instead of round robin looking through the list of available servers?
0
Hi guys

As part of the last question I asked about firewall rules, I am looking at our firewall right now and monitoring the traffic. I'm looking at the traffic between VPN connections from our stores to a main server. These stores are all using the same application to communicate with the server. However, I'm looking at the server and it is receiving connections from our various stores, but every single store is communicating via a different port. So one store will be coming through port 4274. The other one will send it via port 4288. My point is, are applications specifically written in this way to prevent security breaches from happening by constantly randomising their port sequences so that they can't be 'guessed' by a malicious attacker?

And if that is the case, surely going back to the answers being given previously, this does warrant the ability for the 'ANY' ports to be open from site A to site B via VPN.

Thank you
Yash
0
I have a watchguard M270, the customer has a hosted server they connect to via ipsec. What policy could I enable to allow the ipsec vpn outbound.
0
Hi all,
I have a FW problem,
I've got two fortigate firewalls connected by IPsec VPN which is working great. users can connect to the main site also with SSL VPN. The problem is that when an SSL VPN user can't get to the remote site computes,
The main site address is 192.168.1.0/24,
The remote site address is 10.0.0.0/24
The SSL VPN address is 172.16.0.(100-110).
The phase 2 in the IPsec VPN is configurd with 0.0.0.0 and I've tried all the policies from the cookboos I could find but I still can't get it to work. The SSL Tunnel is split and the remote site address is configure in it.
What am I doing wrong?
Is there any suggestions on how can I resolve it?

Thanxs in advance
0
ipsecvpn.JPG




We  have  a network similar  to the diagram  shown above ,,
And  we  want  to configure IPSEC  IKv1 VPN between 2  sites .  we  have  A cisco  4321 Router at Branch A and  A Palo Alto firewall on  the  other end  …

After  doing  the well known configuration provided by Cisco at

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/119425-configure-ipsec-00.html

we found  that  we  still could not  form  a successful a tunnel  between sites ,,   ..  
we  think that  there  a hope or a firewall somewhere in the  WAN path  blocking or  filtering
the  IKEv1  traffic  and  ICMP

so  the Questino consist of  two  parts :-

First :-   Kindly  provide  us  with  your suggestion regarding the proper an optimim configuration for the
Devices  at  both ends

Second :-   In  the  WAN  how  could  we  specify  the hop that  filter that traffic exactly ?
                          We  want  to prove that one hop is blocking or filtering IKv1 and ICMP traffic
              Then how could we find and prove that it  prevents specific data traffic  ?
0
On a Fortigate I wish to send traffic from an internal subnet through an IPSec VPN rather than straight out to the internet.

I have created a Policy Route as follows, but traffic still goes out the internet interface and not though the VPN.

Here's the config - testing traffic coming from IP 172.16.1.59 goes to the VPN 'test2'

Thanks

Capture.PNG
0
I'm trying to setup a IPSEC VPN tunnel between a Draytek 2860 and a Cisco ASA 5520.

I did manage to establish the VPN connection before but now I am unable to connect. Here are the logs from Draytek Syslog

2018-08-13 01:41:29	 [IPSEC][L2L][5:WMH_PXP1][@xx.xxx.x.xxx] IKE link timeout: state linking
 2018-08-13 01:41:26	 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0x0
 2018-08-13 01:41:20	 IKE <==, Next Payload=ISAKMP_NEXT_N, Exchange Type = 0x5, Message ID = 0x0
 2018-08-13 01:41:16	 IKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 Accept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA
 2018-08-13 01:41:16	 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
 2018-08-13 01:41:16	 [IPSEC/IKE][L2L][5:WMH_PXP1][@xx.xxx.x.xxx] Initiating IKE Main Mode
 2018-08-13 01:41:16	 Initiating IKE Main Mode to xx.xxx.x.xxx
 2018-08-13 01:41:16	 Dialing Node5 (WMH_PXP1) : xx.xxx.x.xxx

Open in new window

0
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Because I am taking over for an ex-employee, I am tasked with finding out why a visitor who's logged in session times out 24 hours after inactivity can still see certain things that they should only be able to see when logged in, like special pricing. It was originally designed this way, because the boss wanted government customers who have logged in at some point to always be able to see their government pricing, whether they were currently logged in or not. Now, that decision has been reversed, and we only want them to see their government pricing if their current logged in session is valid.

we use Symfony2 on Unix / Apache if that matters

I have no idea if it's a cookie, a session, or whatever else

I know we utilize both but I don't know if the answer lies in either place
0
I'm looking to put together a document that basically states why we need to replace 5 or 6 switches and need a template that will have ROI, business reasoning for the change and possibly cost analysis.  I'm not familiar with the process, but I would like to get this going and I'm assuming there might be some type of template available?  

I'm also looking into proposing an ISE implementation as well and also need some type of documents or templates for completing this as well.  We presently have 3560s in the environment and we're looking to replace these devices with the latest and greatest that will also be OSPF complaint as well as ISE complaint we well.

From the ISE point-of-view, we might be looking to having a virtual appliance and also wanted to the know the pros/cons to this as opposed to having a physical device, if any.  Maybe the difference in cost as well.
0
I have a Netgear FVS318N, and it has worked great for our needs in a small business.
 Of  Course netgear is no longer  Supporting any utm or small business fire wall VPN routers.
What is a good alternative to this level of a fire wall with good VPN
IPsec or SSL VPN.
We really don't wanna spend $2000 or even a $1000 is there anything in that mid range? the netgear FVS318 and was only about $200.
 any suggestions thanks
0
Draytek to Cisco ASA IPSEC vpn issue
I am sure its just a mismatch but wondered if anyone with more knowledge can tell me what to change on draytek to get it to connect.

Draytek set to
Dial Out
IKEv1
Pre shared key entered
High (ESP)
AES (with encryption)
  Phase 1 proposal : auto
  Phase 2 Proposal : AES256_SHA256
Key 1 lifetime : 86400
Key 2 Lifetime : 3600
PFS : enable
Local ID blank


Here is the cisco config for VPN

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400


crypto map site-to-site 100 match address CCTV-TSI-VPN
crypto map site-to-site 100 set pfs
crypto map site-to-site 100 set peer 8x.xx.xx.xx
crypto map site-to-site 100 set ikev1 transform-set ESP-AES256-SHA
crypto map site-to-site 100 set security-association lifetime seconds 3600
crypto map site-to-site 100 set security-association lifetime kilobytes 4608000
0
Hi Experts

Could you point if  phpCAS that uses API for authenticating users against a CAS server (WebSSO CAS) could be integrated at an existing Codeigniter project?

CAS - Central Authentication Server

I'm implementing a SSO (Single Sign-On)  funcionality to allow a web app conexion based on user id and  correspondent user's data obtained from LDAP (AD-Active Directory)

phpCAS

I'm planning to implement the SSO functionality at PHP Codeigniter's site index.php.

Thanks in advance!
0
I have 2 sites connected via IPsec VPN but I cannot connect to services across this VPN.

 

The tunnel is active and I can send ICMP in either direction but I can't connect to any of the internal resources. This had been working previously for a while (years) without issue and just recently cropped up, no changes have been made to the networks.

 

Site A: 192.168.1.0/24
Using a Ubiquiti EdgeMax Router firmware 1.10.5

Site B: 192.168.2.0/24
Using a Cisco RV042

 

auto-firewall-nat-exclude is enabled, can ping across VPN, running latest firmware, rebooted device, rekeyed the tunnel, destination server firewall is allowing incoming traffic

 

Here is my tunnel sa and a ping showing that I can get across.

 

unifisa.PNG
 

I can also ping from the remote site to 192.168.1.0/24

 

From Site A I can access a local website at Site B, but I cannot connect to local resources at Site A from Site B which is what we really need.
0
Will submitting a login form with a POST request over HTTPS be enough security or are there other precautions I should take? This project is also being built in Angular if there are any specific considerations.
0
I'm looking for some guidance on how to allow Remote Users to access system applications. We currently are running a phase 1 setup where users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PC's with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I currently have two Windows 2016 Servers running my main system, including DNS and Active Directory, among other, core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built in Hyper-V? Would I use VMWare in some way?


The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface but the way our applications are setup they would require a direct connection and so I don't know if Citrix and the like would work, though I am looking into this as well.


We have hundreds of available DHCP over VPN connections through our …
0
Hello Experts - I am planning to replace our web filtering service next year and wanted to get some ideas and opinions on what works for you.  We're currently using Websense which I've never been a big fan of.  I'd like a solution that does a good job of clearly reporting web activity that can be easily understood by non-technical managers and helps prevent users from accessing sites that they shouldn't, preferably with an easy to use interface.  Please let me know what you think, thanks!
0
SD-WAN: Making It Work for You
SD-WAN: Making It Work for You

As bandwidth requirements and Internet costs grow, businesses naturally want to manage budgets by reducing reliance on their most expensive connection types. Learn more about how to make SD-WAN work for your business in our on-demand webinar!

how to setup IPsec VPN between Mikrotik and Fortigate routers
0
Hi Experts,

I am looking for a two-way authentication procedure in the attempt to protect one of our public facing website.

I would like to implement some type of two way authentication to add an additional layer of protect.


I am thing of the end users getting an email notification or some type of verification method.

Any thought or recommendations?

Thank you
0
Hi

One of my friend has an internet account with AOL and he has an email account and has been using from many years.
His email address is auser@aol.com

Recently I have been told that somehow email spoofing has happened. All the contacts in his mail have received an email from auser@aol.com with an attachment and his address to make it more genuine and even I have received an email as well.

When click download the attachment it is going to a one drive saying please click here. When I click there, it goes and asks to log in with yahoo, Gmail or 0365 accounts.
I was told that auser has reset his password on his email account and still able to access his email account.

Please let me know if the hacker has control over auser mail box now. Will it be the best way to send an email to all contacts in his email that his account has been hacked and to ignore the email that has been sent with pdf attachment comes from auser@aol.com.

Will it be best to suggest him to open a new Gmail account and if so how to inform all his contacts that his email address has been changed? To Gmail.

Any suggestion and help will be great.
Thanks
0
We are facing a problem exchanging information in HL7 protocol in a standard environment listener\receiver.
Our application works fine on a plain network, get some errors on an ipsec vpn tunnel.
I'm not an expert, seems to be a problem related to packet fragmentation, any packets are truncated and cannot be managed.
this no happens on the same lan, so we are pointing to MTU or SECURITY CONTROL applied on vpn.
Can you help me ?
Sorry , i'm not providing many details, please ask me what you think is important..
Thanks
M
0
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
Is there a means of creating a GRE or IPSec tunnel over a Direct Connect connection between
AWS and a corporate network?
0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.