Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Hi All,

My company Scenario:

I have connected the branch office to main office using VPN.

The main office is running in a domain environment and uses a WatchGuard as a firewall.
The branch office is running in a workgroup environment and uses a Billion VPN Wi-Fi router.

The VPN has been set up between the WatchGuard firewall (XTM26) and the Billion Wi-Fi router (BiPAC 8920NZ).

The VPN is working fine. I am able to take remote control of all the computers located in the branch office using "Microsoft Remote Desktop" from the main office.

Problem:

I am not able to ping any of the branch office computers. I can ping branch office wifi router and network printer only. What could be the reason?

First timer here with a Sonicwall Soho wireless. I want to integrate it into a network where currently Verizon FIOS is providing Internet connectivity to one Server and three Windows 10 Pro workstations. Server is the only DC.

I'm almost certain the Verizon router's IP is dynamic, but will check when onsite.

I am thinking that the Sonicwall appliance should be set up physically where I run a CAT5 from the Verizon Router's LAN port to the WAN port on the Sonicwall, and then from the Sonicwall's LAN port to the switch.

Is this the correct implementation? Any insight would be greatly appreciated.

Verizon Actiontec Router MI424WR
SonicWall SOHO Wireless-N
Dell Server 2008 set up as DC
3 Windows 10 Workstations

Hi all, please help me on this.
In the Palo Alto monitoring I see the IP is allowed by policy, but the session end reason shows "tcp-rst-from-client". Please advise me whether this issue is caused by the firewall denying or dropping traffic, or is an issue on the client end.

Hi all, we got an SNMP alert from HP Spectrum, which polls and captures SNMP logs from all network devices within our network. A week earlier we saw an alert polled by HP Spectrum showing "management agent lost" on the Palo Alto passive firewall device. There was no alert for the active device, but as verified the passive device status is up and it is able to reach all SNMP poll servers, yet the alert still stays; generally it will be cleared automatically as a temp fix. Verifying both the active and passive SNMP configurations, we observed no changes or differences. Can you help with what else needs to be checked on these Palo Alto devices that is causing this alert?

Our SolarWinds admin guy said he can't set up rules unless a sample event is sent to SolarWinds.

We have about 70 events from an app: so far the apps team could only get someone to log in/log off
to simulate one such event, but for the other 69 events they need to do a reboot etc., which they can't
unless there's downtime.

Attached is the full list of SNMP events our apps team gave to me.

I'm wondering:

a) What exactly is our SolarWinds admin expecting, or what hinders him from creating rules? He's
    elusive & extremely busy (i.e. no time to show me).

b) Are there free tools like snmpwalk etc. with which I could trigger sample events?

I'm sure Cisco devices & Windows events which are currently sent to SolarWinds will
go through the same process to be monitored, but I really doubt the network chaps will
send the 100+ Cisco event types to SolarWinds for them to be monitored.
SAA-Event-Distribution-Snmp.XLSX

Is Cisco Umbrella Professional [OpenDNS] a replacement for anti-malware, or is something like Malwarebytes Anti-Malware still needed?

Hello All,
I'm working toward my CCNA Security and I'm using GNS3 for labbing. Everything seems to be working fine, but for some reason the connection between my ASA and my local PC is very sporadic: it connects and disconnects on its own for no reason, or that's what it seems like, and it's very frustrating. I've attached my topology.
My local network is on a 192.168.1.x subnet; the cloud in the topology represents my local PC.
I can ping 8.8.8.8 from the G/0 interface of the ASA and I can also ping my local router at 192.168.1.1.
My local PC is 192.168.1.11, which is on the same subnet, but it doesn't always work. My PC's IP/MAC is in the ARP table of the ASA and everything matches. I have no firewall enabled on my PC and no AV. Any help would be appreciated.
ccnasecurity-lab-topology.PNG

Is it possible to stop/disable TACACS on a member of a Cisco ACS cluster? I would like our reporting and monitoring server to NOT be able to respond to TACACS requests. Is it possible to stop that? What is the process?

Is it possible to make this disablement persistent so that if this ACS cluster member reboots, TACACS remains disabled when it comes back up?

We decided not to spend that 60k/year on external consultants' services to do scanning for rogue APs/SSIDs.

I noticed the consultant ran a software tool on their laptop. Any tool that could give a decent PDF report
certifying there's no rogue Wi-Fi AP around will be most welcome. Need something easy to use.

Asked by a client who has contractors working for him and wants to monitor their work: is networklookout.com safe software?

Just bought a Samsung Galaxy Tab S2 9,7 without Android 7.0 installed. Now I can't connect to my PC over Wi-Fi using a Windows/Samba connection.
File Expert hangs while trying to connect.
My old tablet with Android 4.4.2 connects flawlessly.
Any suggestions?

Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.

I have been using SonicWall for years. Never really thrilled with their support (primarily a language barrier until recently) but their content filtering seems to be problematic. I spend more time on the phone with them trying to keep it running correctly than it is worth.

Does anyone else use SonicWall for content filtering and in your opinion is it easy to keep running? Any comments about SonicWall in general?

Hello, we're attempting to force users to log into StoreFront using either their CAC or PKI certs. Reading the below article

https://docs.citrix.com/en-us/storefront/3-9/plan/user-authentication.html#par_anchortitle_904a

Under Smart Cards, it says "you configure Citrix Receiver for Windows for pass-through authentication and enable domain pass-through authentication to StoreFront." Is there a way to centrally configure Citrix Receiver, or does this have to happen locally on users' machines? Our domain has only user accounts; the only machines are our servers.

Hi,
Having trouble with workstations running a new software program that uses a SQL DB on an SBS 2011 server (Medtech32 Medical Software).
Disabling the server's firewall allows it to run on the workstations. I've added the firewall rules to the server as stated by Medtech but it still doesn't connect. Any ideas?
The ports as per their docs are:
TCP Port 3050  on internal LAN/WAN
UDP Port 300 on internal LAN/WAN

Thanks.

We have an SFTP setup and have a client that wants to know what protocols/hashing algos/encryption we allow.  I found this info, I'm not sure if this is good... should any of these be disabled?  Any insight would be helpful.

Thanks!

[root@clientsftp ~]# ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
[root@clientsftp ~]# ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
[root@clientsftp ~]# ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
gss-gex-sha1-
gss-group1-sha1-
gss-group14-sha1-

Where and how can I see Azure password policy?  Or is it all based on AD password policy?

Hello EE,

Our VPN firewall prevents IPv6 (blocks it), so our Visual Studio debugger is failing to connect.
I wonder if anyone knows of a way in Visual Studio to turn off IPv6 and only use IPv4.

Server is Windows 2012 R2. Clients are Windows 10.

VPN is a Watchguard SSL VPN. Users are connected on fast VDSL connections.

When Offline Files is enabled, users connecting via the VPN can no longer see any folders other than those already synchronised. File explorer shows the computer working in offline mode.

I have checked the network location, and this shows 'domain' as expected.

It appears that when connected to the VPN, Windows is perfectly happy to authenticate against the network, browse network shares it's never seen before, there are no speed issues, etc, but the minute offline files is enabled, Windows (file explorer only) thinks the computer is offline.

There is no GPO set to describe the slow speed threshold, so the default of 500kbps should be true. The connection is operating nearer 80Mbps.

I've set a GPO "Computer Configuration > Policies > Administrative Templates > Network > Offline Files > Configure slow-link mode" to disabled, which seems to have resolved the issue.

However, I'm more concerned that Windows believes the computer to be offline when it isn't, and I wonder if there's a firewall issue I should be aware of?

Any pointers?

I have 4 networks connected to a firewall, all routed and working fine.

Now I need to stop 2 networks communicating with each other.

Need a simple way.

Hi,

I have a Windows 2008 server (domain joined). As you can see in the events listed below, unknown user account 'beuser' has successfully logged in to Terminal Server from IP address Network Address: 85.31.101.229 using Port# 50227 with Workstation Name "ШУРА-ПК".
Clearly this user name BEUSER does not exist in Active Directory. When I run IP Trace, it says: Continent: Europe (EU), Country: Latvia, and we don't have any computer user living outside the US.

How is it possible for anyone to log in with this user account?
Is port# 50227 designed to accept BEUSER?

I have a Linksys router that does NAT and port forwarding, and I run Backup Exec software on the Domain Controller.

Can you help?

-----------------------------------------------
An account was successfully logged on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

New Logon:
      Security ID:            Domain_Name\BEUser
      Account Name:            BEUser
      Account Domain:            NHECO
      Logon ID:            0x147e7e
      Logon GUID:            {00000000-0000-0000-0000-000000000000}

Process Information:
      Process ID:            0x0
      Process Name:            -

Network Information:
      Workstation Name:      ШУРА-ПК
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      NTLM V2
      Key Length:            128
-----------------------------------------------------------------

We are building a Horizon View environment and we need 2FA.  Of course, we are looking at RSA and we are looking at RADIUS, but I was tasked with finding out what others are using.

I recently ran across DUO and wanted to know if anyone has had any experience with it.

I would appreciate feedback on what 2FA people are using with VIEW and what they like and dislike.

Thanks

Our company is using a Palo Alto firewall. We received the critical alert "Top 5 attackers" and the source is one of the application servers. What does it mean and what should I do? Please advise. Thanks

I am trying to create a policy to enable/block specific traffic that my T30-W is handling. I haven't been able to find a good answer as to what each column in the Traffic Monitor means.

Hi Guys

I need to find a way to allow the 10.0.0.0/24 network to be reached from 10.10.1.0/24 – 10.10.3.0/24 networks. Given little documentation, I need the help to allow for communication between the networks, trying to achieve the below (sorry, I know it is sketchy)
 
10.10.1.0/24 >>> PING >>>> 10.0.0.0/24
10.10.3.0/24 >>> PING >>>> 10.0.0.0/24
 
10.0.0.0/24 >>> PING >>>> 10.10.1.0/24
10.0.0.0/24 >>> PING >>>> 10.10.3.0/24

Below is the .conf file I pulled from our OpenSwan 2.2.6; this .conf file is for our 10.10.1.10/24 network (the 10.10.3.0/24 network is similar)
 
conn ifly-pen
        auto=start
        type=tunnel
        left=%defaultroute
        leftsubnets={172.17.0.0/16 10.0.0.0/24}
        leftid=54.153.249.30
        right=115.70.193.138
        rightid=115.70.193.138
        rightsubnets={10.10.1.0/24}
        authby=secret
        ike=aes128-sha1;modp1024
        esp=aes128-sha1
        pfs=no
        forceencaps=yes
        force_keepalive=yes
        keep_alive=10
        ikelifetime=8h
        keylife=8h
 
You can see, the leftsubnets allows for communication to the 10.0.0.0/24 network from the 10.10.1.0/24 network. However, in the 10.10.1.0/24 network, when I ping the 10.0.0.1 IP address I get no response, see Ping.png and Tracert.png
 
Our OpenSwan IP is 172.17.0.6 and it is a VM in AWS, you can see the above is routing through the 10.10.1.1 (on the 10.10.1.0 network, router), through to the 172.17.0.6 but then goes …