Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


What free options are available to scan/search unstructured data (file shares and exchange mailstores) for sensitive data like PHI or PCI data?

I have a T70 device I'd like to connect via BOVPN with an XTM2 device (with wireless) at a home office location. In front of the XTM2 I will have an AT&T U-verse router in bridged mode.

I'd like all of the data from one port on the XTM2 to go back and forth over the BOVPN. I'd like all of the wireless traffic to travel out to the internet.

Can someone please tell me if this is possible and point me in the right direction for accomplishing this? I've set up BOVPNs between two devices before, but that was moving all traffic between both devices, and I need to keep the wireless (home users) traffic off the VPN.
Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature. The error is: This program is blocked by group policy. For more info, contact your system administrator"

I am the system administrator.  There is not a GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security and local group policy - there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot Secure Anywhere thinking that might be the problem - no change
Attached is an SSL scan report (by Qualys) of 2 portals:

a) Will such deficiencies flagged by Qualys be flagged by a blackbox pentest as well (the tester is using Tenable Nessus)?

b) For the items highlighted in yellow, if we place a WAF & CDN in front of the portal, can the items be remediated?
    I heard the F5 WAF could 'block' off SSLv3, TLS 1.0 & 1.1 as a way of mitigating, but what about the weak ciphers etc.?

Have a Checkpoint NIDS as well if this is of any help.

We can obtain a fresh cert if needed, but the concerns are:
a) we don't plan to change the A10 load balancer (that's used for the 2 portals): I understand a number of the flagged items are due to this A10 LB
b) the applications team can't amend the code within the short term (but we have only a couple of months to remediate)
In one presentation by an IT regulator & Cyber Security Agency, one slide mentioned reviewing "Netflow" & a couple of slides later, it requires us to perform a periodic "review of information flow":

Though I raised whether these are related, i.e. by reviewing "Cisco Netflow" we are deemed to have addressed the requirement to "review information flow", the presenter didn't quite seem to know, thus I'm clarifying here:
does Cisco Netflow offer a form of documenting information
One of the monthly IT Security metrics in my previous place was to show the # of 'High' DDoS alerts for the month (leaving out the Med & Low ones), extracted from Arbor Peakflow of the clean pipe.

Attached is what one such extraction looks like: basically we'd count the # of 'High' alerts.

In the new place, the question was raised how this data can be useful as an IT Security metric.

My guess is Audit wants to see a trend (of 6-12 months) of the # of 'High' alerts for DDoS: if it's always about the same, no alarm, but if, say, for a particular month it triples, it's a concern?

Does anyone have any clue how this data (or any other Peakflow data) could be useful for presentation to serve as IT Security

Does anyone have any Application DDoS security metrics that could be useful as IT Security metrics?
I'm looking for samples/templates/checklists that cover the following 3 areas.
Can anyone point me to the sources or share them? Planning to host some apps in AWS.

• Recommended Due Diligence Activities – specifies the necessary due diligence
to be done in selecting a cloud service provider.

• Recommended Key Controls for Cloud Outsourcing Arrangement – highlights a
list of recommended controls that the Cloud Service Provider (CSP) should have in
place. Projects/Systems with specific needs should liaise with their CSP to
implement any additional specific requirements.

• Cloud Risk Management – highlights the potential risks of cloud and the
measures to be taken to mitigate risks.
If the last security policy in a zone pair on a Juniper SRX is a permit - is traffic between those zones still DENIED by default?
e.g. if the policy below was the last and only policy for the zone-pair - would all other traffic between those zones get denied?
set security policies from-zone trustzone to-zone trustzoneapp policy td-to-felinni01 match source-address td-edgenode01
set security policies from-zone trustzone to-zone trustzoneapp policy td-to-felinni01 match destination-address felinni01
set security policies from-zone trustzone to-zone trustzoneapp policy td-to-felinni01 match application tcp-21300
set security policies from-zone trustzone to-zone trustzoneapp policy td-to-felinni01 match application tcp-22217
set security policies from-zone trustzone to-zone trustzoneapp policy td-to-felinni01 then permit

Refer to the above link: it's said Barracuda has a list of bad IPs: how can we download it?
I would also like to download the lists from SpamHaus & CBL & any others if possible.
We are considering Splunk, ELK or Apache Metro Hadoop for SIEM.

I've encountered nightmares with a top-end SIEM in the past when querying/retrieving data: it took days & even crashed. Which of the above has excellent super-speed log management & querying?

I was told by an ex-colleague that Arcsight/Splunk require CEF (Common Event Format or syslog format) to be piped to them as they can't accept any other format. A vendor using QRadar told me QRadar requires syslog/CEF format inputs too.
I have SNMP traps / MIB events (eg: from Cisco & proprietary devices) that my ex-colleague told me can't be accepted by Splunk/Arcsight, so would like to know if any of the 3 above tools are more readily able to accept SNMP/other event formats.

Heard that ELK lacks policies, which in the long run will be costlier if we get consultants to customize: do the other 2 products have this concern?
Also, Splunk Enterprise goes by the amount of logs & we're concerned that too many logs (can be 500MB/month) will make the cost high. Weighing customization/set-up PS efforts against licensing costs based on the amount of logs (which I guess we can archive off older logs to reduce the license cost), which of the 3 is more cost-effective?

What are some small business routers that would be recommended, coming with guest wifi, VPN plus a range of security features?
I'm drafting an SOP doc & need to spell out the specific roles/duties of Firewall admins vs IT Security (governance):

I'm not sure if RBAC (Role Based Access Control) comes into play here, but my view is:

a) All firewall rule requests as well as proxy requests (say to whitelist a URL or permit certain file types to be saved/downloaded) are to be reviewed & approved by IT Security governance as well as the requestor's managers, while firewall admins implement them: is this what's generally practised?

b) Reviews of firewall logs/events are jointly done by a network admin or lead or manager who is not an implementer of firewall rules & counter-reviewed by IT Security governance: certainly we hope to automate this with a SIEM with UEBA, but Audit still requires such event/log reviews to be signed off by 2 parties.

c) What about firewall rule reviews: which parties should review them? Certainly not firewall admins, as they're the creators of the rules so they'll just sign off as "No issue": it's a conflict of interest. We had run into a case where a critical & sensitive Prod server was permitted for access to the entire organization. Tools like Tufin only review for "dormant" rules but not such rules created for "testing" that were forgotten and never removed. Could any tools help with such detection?
Our users are MFA'd but Azure reports: "Sign-ins from IP addresses that are anonymous, such as Tor IP addresses."

How is that possible?

I have 3 different users reporting this for location = Chelsea, NY, USA

Hi guys

We've had an email that looks like it has come from a bank claiming that one of their customers has had a fraudulent transaction on their card from one of our stores. I'm almost certain it is a phishing email of some sort.

I wanted to verify with you guys whether it is likely that the email address has been spoofed.

I won't be able to paste the email address it is coming from. But as it claims to be from a bank, the sending server was the following:

Connection  Accepted
Sending Server (mail-eopbgr100089.outbound.protection.outlook.com)
Sending Server HELO
Connection Started
28 Sep 2018 5:45:45 PM GMT+01
Connection Finished
28 Sep 2018 5:45:45 PM GMT+01

Am I right to assume that any 'Bank' that is using Outlook as its sending server is using spoofing tactics?

If we only subscribe to among the lowest-end O365 Exchange Online plans, how can we further secure our email defenses (if we don't purchase filtering tools like IronPort & Proofpoint)?

I've heard in a Postfix forum that they link the Postfix server to SpamHaus and CBL (pls suggest more free site reputation services for email): can Exchange Online implement this? Can we integrate with VirusTotal?

Based on the threat intel we get, can we add the hashes into our Checkpoint NIDS (assuming email payloads pass through it, or in practice people don't do this?) or Exchange Online??

Will hardening our Outlook client, MS Office, PDF reader (& all the 'Mobile Code' software) help?
This may be a somewhat naive question but:
Is it "reasonably" secure to connect my PC to the office server (Windows 2016) using VPN (L2TP/IPsec) over public WiFi ?

Since using public WiFi (with or without a password) for activities such as browsing and email is a potential security risk, I always use a VPN service when outside of the office.

However, I am not so sure in the case of directly logging into the office server from the outside (to access files or carry out some simple management tasks). My main concern is having access credentials to the office network / server stolen. Let's say in a worst-case scenario the only internet access I have is a WiFi network with no password needed. Is it safe to use this to access the office server via VPN? In case anyone is wondering, I am pretty sure I don't have any state actors after me!

Comments are appreciated.
Hi All,

I am using an XTM 26 series WatchGuard firewall in the company. We have some remote offices running independently and they all have CCTV cameras installed. Now when I try to access all the remote office cameras (P2P connection) using the company network, it does not connect at all. When I switch to the mobile network, I can see all the cameras of all offices, and vice versa.

I understand that the firewall is blocking something. To check it, I did some real-time monitoring and I found the following log message:

2018-10-04 14:54:07 Deny 32761/udp 50222 32761 1-Trusted Firebox Denied 80 64 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

I have already created an SNAT rule from any-external to the internal DVR IP address and allowed the ports 80, 32761, 9000.

Can anyone tell me what I am missing here?
How to find an unauthorized connection  in samba domain?
I have a samba 4.X domain on ubuntu 16.04. Is there software for Intrusion detection?
Hi Experts
I am planning to study information security. I have been working in the IT field for a long time,
but I do not know any courses I can start with. Some people told me that CEH is perfect and others told me CEH is useless.
Please advise me.

Need to block network users from being able to access BitTorrent (BMTORRENT). I have a SonicWall TZ-215 along with the premium content filtering. I can block the URL of the usage, but cannot determine the proper ports to target to block the service.

Goal is to not have to upgrade to the "Application Control" that can detect the signature of the traffic or such.  I am fine with blocking the defaults or making more difficult for the person.  I understand that they could use other methods to avoid detection.

By "per domain" charging, does it mean that regardless of how many sub-URLs, the cost doesn't increase further, eg:
all the above are charged at the $200/month per domain?

Under each of our sub-URLs we may have different applications, so doesn't CloudFlare mitigate by different application
& scale their costs/charges up accordingly, as I understand their cloud WAF protects by application besides the volume?

Or is the DDoS defense component per domain while the WAF component is charged per application/sub-URL?
We have deployed On-premises MFA server in the customer RDS environment.
The two-factor is working perfectly when logging in to the MFA user portal or using the RDP icon downloaded from the RDWeb site. But Mac users and Windows 10 users with the new Remote Desktop app are prompted twice for two-factor. I suppose it's because it connects to the RD Gateway in a different way than mstsc does.
I have tried to activate caching rules in the Azure portal. But I'm not sure if this will have any effect since we have installed the MFA server locally. Anyway, this has had no effect on the issue.
We first tested with Duo two-factor, and with this software too, users on Mac and the Windows 10 app were prompted twice for the two-factor.
Please advise.

I'm looking for similar competing products (preferably with a local Singapore support presence) to provide secure browsing of the Internet and email (these are the top 2 vectors of malware): looking to adopt this 'logical segregation' instead of 'physical segregation'.
I suppose this is more usable/implementable than doing physical segregation.

We have corporate Wifi too, so need to take this into consideration if it's relevant.

Can you suggest a few products & local resellers (if available)?

If there's a comparison of features (how each product fares against competitors), do provide it as well.
It helps to justify the purchase.
To protect our corporate users from being compromised when they connect to outside Wifi (which may potentially be rogue Wifi), is it feasible to implement MS DirectAccess or Always-On VPN?

The products above would establish a tunnel so the rogue Wifi can't steal credentials or data, & with the VPN established, I suppose malware can't infect the laptops as the rogue Wifi has no connection to the laptop (tunnel-protected), or did I get this idea wrong, i.e. they can still get infected even with such a tunnel??

We still want the users to be able to access the Internet but protect them in the event they're using a rogue Wifi.
What are some free proxies out there that could do blacklisting (& possibly greylisting) as well as auto-block known malicious sources (eg: get updates from SpamHaus, AlienVault, bad reputation sites & known sources of malware)?

Ideally the free proxies could also stop users from downloading executables or specified file types. No plan to go for commercial ones like Bluecoat.
