Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.

We're getting Nessus Tenable for vulnerability scans (likely with admin-credentialed scans)
& likely penetration tests.

Q1:
https://security.stackexchange.com/questions/71389/where-to-place-a-vulnerability-scanner-within-a-data-center
Above link has various views & I don't understand one of the lines:
"If you're not granting the scanner admin level access to your assets and you're allowing an IPS to interfere then you're doing yourself a disservice."

Q2:
I intend to scan through the Network IPS because we may not be able to apply patches
in time (can't test out patches & obtain downtime in time), so most likely we'll deploy
NIPS virtual patches as interim remediation.  So do we still scan using 'admin credential'
scan in my scenario?

Q3:
Certainly don't plan to scan from public Internet but where is the best location within
our Prod network should we connect up this virtual (runs in VM) scanner?  Management
VLAN or in each Prod subnet, we place one scanner or run from laptop & connect to
a switch port which is assigned all the VLANs  or we just place in DMZ  or  internal
subnet & open up firewall rules?  Firewall may slow down the scans.

Q4:
From secure perspective, which is the most secure place to connect it as we may
use admin credentials (at this moment, no idea how to get it to integrate with
TPAM though we may move to CyberArk in 12-16 months' time as Nessus told
us it integrates with Cyberark, querying the password from Cyberark)
0
Dear Experts

I am looking for the best practice network design to connect 03 offices which is 3 different locations with secured links with redundant links. Below explained
Data center where business applications are hosted in the location 1 here the business applications which are web-based applications, windows AD for authentication, file server, email server are maintained, cisco 1010 FTD and Cisco FMC is in place and two ISP’s.
Location 2 which is far of distance is going to be connected to location 1 data center with MPLS VPN link and for redundancy broad band link planning for SD WAN solution. Finalized and implementation is in progress.
Now that all the employees who were so far working in location 1 that is at data center location to be shifted to the location 3 which is of little distance from location 1.  However, we are not shifting data center and our employees are of 20 users who is going to work from location 3 and they have to login for authentication to location 1 where the windows AD and file server for their document store and business application they use CRM.
1.      Please suggest the best network design to connect location 3 to location 1, should I have to plan for MPLS VPN as one link and secondary link as leased line and use SD WAN solution here or any other best practice please.
2.      How much bandwidth would be needed between location 3 to location 1 for web-based and store documents in the folder
3.  as we have 20 users is it required to setup …
0
Hi,

I have question. Can we manage Firepower 4110 without using FMC (Firepower management center) or I will need to buy one?
Which appliance or virtual FMC I need to buy? and is there any free license or no?

Thanks in advance
0
Hi All,

We use WatchGuard Firebox as our firewall. Last couple of days it has detected and blocked a relatively high for us (100 hits) of activity it labels as MASSCAN Activity. I have traced this back to a handful of IP addresses. These tried to attack a couple of our web servers that we have to publish on the internet. Only ports 80 and 443 are open on these connections.

Is there anything etc I can/need to do to help stop this activity, or is it one of those things I have to live with as long as WatchGuard is blocking it.

Cheers,
Paul
0
We are having loads of trouble configuring a Site2Site VPN with a pair of Watchguard T35 firewalls.
Neither is configured pretty much outside of the initial setup wizard.
The current site 2 site vpn is stock from the vpn configuration guide from Watchguard.

We tried a number of different configs, but have currently deleted them to restart fresh.
Also we are trying to set the connection to initiate from SiteB to SiteA just to limit randomness, but can set bidirection or SiteA to SiteB as initiator.  Doesn't really matter to us

My theories may be off, so I'll just throw out the logs from each to see what you may think is happening.

Thank you in advance.


Site A
*** WG Diagnostic Report for Gateway "AA-to-TC-Gateway" ***
Created On: Tue Oct 29 09:22:49 2019

[Conclusion]
	Error Messages for Gateway Endpoint #1(name "AA-to-TC-Gateway")
		        Oct 29 09:22:35 2019 ERROR  0x02030015 Message retry timeout. Check the connection between local and remote gateway endpoints.


[Gateway Summary]
	Gateway "AA-to-TC-Gateway" contains "1" gateway endpoint(s). IKE Version is IKEv1.
	  Gateway Endpoint #1 (name "AA-to-TC-Gateway") Enabled
		Mode: Main
		PFS: Disabled 	AlwaysUp: Disabled
		DPD: Enabled 	Keepalive: Disabled
		Local ID<->Remote ID: {IP_ADDR(A.A.A.A) <-> IP_ADDR(B.B.B.B)}
		Local GW_IP<->Remote GW_IP: {A.A.A.A <-> B.B.B.B}
		Outgoing Interface: eth0 (ifIndex=4)
			ifMark=0x10000
			linkStatus=0 (0:unknown, 1:down, 2:up)
		Stored user messages:
		        

0
We get an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally,
  IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-
  attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers & compromise of their PCs will risk compromising
the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each
departments from each other:

a) the main exposures are from "Internet surfing" & emails access (lots of malicious attachments,
    phishing, spam emails seen in email gateways) besides USB ports

b) all other users belong to same trust domain as they read emails & surf internet (yes, the
     sysadmins are encouraged to surf internet on PCs not used to surf Net & read emails)

c) for workstations used for Industrial Control Systems/Operations Tech, they don't have email
    access & Internet surfing &  have been rightfully segregated as per existing set-up

d) To prevent lateral attacks, EDR, AV & email security (forwarding of malicious emails to
     other colleagues) are in place with SIEM for detecting such events in the pipeline

e) if we were to segregate every departments (eg:…
0
Hi, I'm using the Quarantine feature from Watchguard and this creates a Quarantine website users can log onto. But the problem is that it's an intranet server and as such doesn't have an 'official' SSL certificate. I tried to create a self-signed one etc but I keep on failing ... could someone please give me step-by-step instructions on how to create a self-signed certificate and attach it to that website so that the browsers won't throw their security warnings anymore? Thanks!
0
How can I lower the Java Security Rules for internal networks only?

Currently our users are needing to manually enter an internal web address in their Java Exception list.  I have been charged with trying to make the process more automatic for our users.  Specifically to allow all URL's for internal web addresses to allow the Java Applet.

I did find a way to create an Exception list for the computer:  https://community.spiceworks.com/how_to/123766-java-site-exceptions-list-and-certificates-for-all-users

but, this option takes away the user's ability to have their own list or to add the web sites that they want and the list will be managed by the local administrator.  Equally important, if I used the above mentioned web page documentation then it will overwrite any Java exception list that the user already created.  We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java Security level than external web addresses?  To actually allow Java to be run on those internal web URLs.
0
FileZilla-Server-Connection-Issues-.docx

FileZilla Server SFTP connection issue from outside network. I need help resolving issues with sftp connection to filezilla server from outside network. Please see attachment for details for my current Router, FileZilla Server, and FileZilla Client configurations.
0
We've got an issue, an IIS web application can't access a file on a shared drive.
The app pool credentials are the same as the desktop user credentials we are logged in to the server's console. The account is a domain user account and also an administrator on this web server (it's an intranet server). The anonymous authentication is set to "application pool credentials".
From the windows UI the shared path is fully accessible both via an UNC path and mapped drive, but running from the web app we are getting an "LOGON FAILURE"  in the Process Monitor log.
I tried to create a virtual directory pointing to that shared drive, but IIS can't access the web.config either, displaying a 500.19 server error with an error code 0x8007052E

I don't understand, what could prevent a domain account from accessing a shared folder on another machine in the same domain just because it is being run from an IIS process?
0
Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks
0
My fiancée's mother exchanged her laptop for a pawn loan 3 months ago and she bought it back today. The laptop had no password on it. Just turn on the power and you're in. Now she is staying with us for a bit and wants our WiFi password so she can connect to the internet with it.

The problem is I am very worried about her laptop compromising the security/safety of my family and their devices. (I.e., in 10 seconds couldn't the pawn owner turn it on and install spyware that could spread to everyone's devices connected to it?!)

I just wanted to get some feedback from professionals out there on what you would do in my scenario, what are some worst case scenarios and how likely are they to occur? Would you let her log in to your WiFi? (Part of me wants to just burn it and buy her a new one)
0
Hi All,

We use WatchGuard as our firewall and have Dimensions setup for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer either ftp, or web/app based such as dropbox etc?

Can this be done / how best to view this info or set this up?

Cheers,
Paul
0
Dear Gurus,

Could you please advise the difference between ADC (like F5, A10 etc.) and WAF (Imperva, Fortinet), its main features, and where it will be placed in a topology (such as DMZ, Server Farm, Core Switch etc.)

Regards,
Sid
0
I have (2) Watchguard M270's configured in a firecluster.

Interface 0 is the External interface configured with a /28 block.
Interface 1 is the LAN

We have consumed all of our IP's so I ordered another /28 block from our datacenter today. As soon as I configure Interface 2 for our new IP block, outbound traffic for the most part ceases to work on our network, however some things do work.. so we'll call it intermittent. As an example, I can ping out to 4.2.2.2 but can't ping 8.8.8.8. As soon as I disable Interface 2 that is configured for the new IP block, I am able to ping 8.8.8.8 again.

I'm assuming this is because we now have 2 WAN interfaces configured and outbound traffic doesn't know which interface it should be sending traffic out on but I couldn't be sure. I've made 4 calls to Watchguard support and nobody can identify the problem. I even had our datacenter issue us a different IP block just to rule out any kind of odd conflict but the problem persists with a new IP block.

Am I going about this all wrong trying to have 2 IP block's configured on our Watchguard? Is the better solution to just order a bigger block of IP's and re-IP everything? I was trying to avoid that hassle by just adding an additional block of IP addresses but it seems that what I'm trying to do here isn't working..

I would appreciate any advice or input that someone could give on this. Thank you!!
0
We are using EAP-TLS on our Microsoft NPS 2012 R2 server. Everything was working fine, then I had to update PKI from SHA1 to SHA2. PKI is healthy and certs have been distributed domain wide. For some reason I can't get the wireless EAP-TLS policy to work.

"NPS2","IAS",09/27/2019,08:30:59,3,,"DOMAIN\USER",,,,,,,,0,"IP","WLCA",,,,,,,5,,8,"311 1 IP 09/26/2019 20:43:48 8644",,,,,,,,,"5d8e00a3/MAC/759603",,,,,,,,,,,,,,,,,,,,,,,,,"Secure Wireless Connections",1,,,,
0
Hello,

My site has not stopped planting for a while.
I was advised to check my logs and I see that there is this IP 150.918 times in my logs from 00:00:07am to 12:36:01am

ip.png
what do you advise me to do?

I added this Deny from 104.248.248.206 to my .htaccess but ip continues to show...

Thank you for your advice,
Jaber
0
Dear Experts
We have to deploy a mail server on-premises, for which we are thinking of going for Microsoft Exchange Server.
My network consists of:
•      server virtualization - VMware infrastructure.
•      two ISPs for high availability and Windows AD for user management.
•      Cisco ASA with FMC
The user base we are looking at for the email server is too small, that is 25 users. Please suggest the email security solution that we should be considering, and please recommend a few best products for email security. Thanks in advance.
0
Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers. Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC, however 2012 doesn't see 2008 as a DC. They are now on different networks, but recently were configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain names, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
hi any document or link where explain which security policies apply or create documentation of security policies
0
Dear Experts

Can you please help with list of common security incidents , require this to prepare document for ISO 27001.thanks in advance.
0
I have a huge number of messages in my VPN router LAN access from remote. And I do not know where they are coming from. No email server is set up, it does not seem to have any games on it. The only thing I have created is a port for RDP and forwarded that port so I can access the server from outside.

Please advise
0
Dear Experts
I am looking for few core points for ISMS objectives for ISO 27001 can you please on each of the section that it contains please. thanks in advance.
0
Hi Experts,

What is the difference b/w source-nat and destination-nat? I believe source NAT is just hiding your internal IP behind the public IP address, and destination NAT we use in mainframe systems or headless devices that do not have a default gateway. This concept is driving me bananas. I really appreciate your clear answer.
0
i have traffic coming from outside world to watchguard  firewall to citrix netscaler which goes to internal  asa firewall  and then to internal network.

our citrix netscaler also has the same certificate for sts.domain.com (service communication certificate) which is being hosted on our internal ADFS server (windows server R2)

we don't have ADFS proxy server as of now

recently we had password spray attack on our internal ADFS server

and we could not determine source IP on our internal ADFS server

i wanted to know following:

1) i read in articles  that windows server 2012 r2 has extranet lock out feature and adfs 2016 server also has extranet lock out feature so is there any difference between the 2 as far as
protection from password spray attack is concerned.

in the scenario i explained regarding traffic coming from outside to watchguard firewall - netscaler - asa firewall, where should i place WAP server and how it can help in mitigating password spray attack


are there any good tutorials for upgrading windows server 2012 to 2016 adfs server and how proxy adfs should be configured

we have mailboxes in 365 and ad accounts are synced through aad sync to azure AD.

i came to know from Microsoft that messages are being redirected from office 365 to internal ADFS server and it is not authenticating, so what other steps i should take

to protect from spray attack just proxy ADFS server is sufficient or some conditional policy should be applied …
0
