Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


We would like to know EE's opinion on wireless cam systems.  We have been presented with a Lorex wire-free 4-cam system.  We know nothing is 100% secure and everything is hackable, yet we would like your opinion on how secure this type of cam really is.  And maybe any specific brand you guys have worked with.

Hello Experts - I'm looking for advice with a shared demarc in an office building.  We moved our office to this building about a year ago and it was empty at the time.  Since then, we've begun adding two new neighbors.  The data connections for everyone come in downstairs at the demarc and both of the other companies are in finance and (rightly) concerned about data security.  Verizon fiber comes in off the street and into the building.  It is plugged into a Verizon rack and then extended out to each tenant.  Not that I would do this, but there is nothing stopping me from going in and unplugging their data connection since I have access to the room and vice versa.  Or if I was nefarious, placing some kind of pass-through device between the Verizon gear and their extension to capture data passing through it.

We can't be the first company to deal with this but I'm not finding much information about how this normally gets handled.  I've inquired with my ISP about getting Verizon to set up separate gear for each tenant that can then be physically secured but I'm told that it is very difficult to get them to do this.  What do other companies in shared spaces do when data security is a concern?  Surely people aren't just relying on the good and trusting nature of fellow IT professionals to just not cause problems?
0
I have a customer who is wanting to ensure his staff can't take any data with them.  We can lock down USB devices (Thumb drives, Hard Drives, etc), but he's now concerned about them accessing things on the server and getting them off by using web mail clients (Yahoo, Gmail, Hotmail, AOL, etc) or file sharing sites (Dropbox, OneDrive, etc).  Short of blocking access to these sites (which would be a pain), is there any way to restrict their ability to steal his work?  And, if so, how difficult AND expensive would it be?

Failing that, is there some way of recording access so we can tell that John Doe accessed these 275 files today, and he was only supposed to be accessing 100 of them?

We're in a workgroup environment at the moment, switching to a Server 2016 AD domain.  All users are local admins on their workstations (Windows 7 and Windows 10).  A lot of the people in question will likely have to REMAIN local admins due to their software (AutoCAD, Quickbooks).

Please feel free to ask any questions for me to elaborate.
0
https://www.cscollege.gov.sg/programmes/Pages/Display%20Programme.aspx?ePID=pe8r29gaqc5voaoitct59bdi3m

Referring to the above, I've been googling for IM8 (Instruction Manual 8 for ICT) to download but can't locate one.  Does anyone know where to download a copy without attending the training?  A slightly outdated (say 2 yr old) copy is fine.
0
I want to sniff network traffic from my firewall to our SIP Cloud provider.  I have not used Wireshark much.  Can someone give me a simple rundown of how to do this?

I just downloaded the latest version of Wireshark.
0
Dear Experts
We have hosted the SugarCRM application on premise, and for external users we have configured the firewall, a FortiGate 60C hardware appliance, to function as an SSL Web VPN where the users log in to the firewall appliance portal and from there access the CRM application. They are able to log in to the CRM through the web VPN portal but the dashboard reports are not showing up; it shows a blank dashboard. When we access the CRM application directly, we are able to see the dashboard reports. Please help me understand where things are going wrong and how to fix it.
0
We use Office 365 for Exchange. One employee's email account was compromised. HR received a request for changing the direct deposit bank from this employee's email address, and HR replied to the email. But the request wasn't from the employee. The employee could receive all the normal emails, but not the ones related to this request.

How can we trace the original request email? How can we fix this issue?
0
Is it Enough to configure DHCP Snooping without ARP Inspection

I would like to know if it is efficient to configure just DHCP Snooping and not configure ARP Inspection.
I thought DHCP Snooping is enough to avoid having a rogue DHCP server in the network. So what else does ARP Inspection add to DHCP Snooping?

Thank you
0
I had this question after viewing Watchguard Firewall xFlow Configuration.
0
If I wanted to test how secure the network is against being hacked or a ransomware attack - where would I start?

If I did something like the Certified Ethical Hacker Course or CREST Registered Penetration Tester, would either of these courses help?

Thanks

Ian

Can someone tell if this connection is normal?  For some reason I have several computers that have about 1000+ connections to microsoft.com.edgesuit.net.  Please see attached file.  - Thank you
0
I'm getting familiar with the SANS 20 critical controls and wanted to know if there's a document that goes through every alert and specifies the available tools and/or solutions at every control?  This would be specifically more valuable to me if it was within a couple of pages for quick reference.
0
I'm looking to put together a document that basically states why we need to replace 5 or 6 switches and need a template that will have ROI, business reasoning for the change and possibly cost analysis.  I'm not familiar with the process, but I would like to get this going and I'm assuming there might be some type of template available?  

I'm also looking into proposing an ISE implementation as well and also need some type of documents or templates for completing this as well.  We presently have 3560s in the environment and we're looking to replace these devices with the latest and greatest that will also be OSPF compliant as well as ISE compliant.

From the ISE point-of-view, we might be looking at having a virtual appliance and also wanted to know the pros/cons of this as opposed to having a physical device, if any.  Maybe the difference in cost as well.
0
Spectrum on behalf of Sony sent a client this e-mail: {Removed IP address below}

To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity.  The time stamps are approximate from our logs.  The actual timing of the events depend on the signature matched.  It is very likely to have occurred both before, during and following the times listed.

       Approximate Time Range (UTC),      IP Address, Reason
2018-07-23 12:46:00 ~ 2018-07-23 13:46:00 (UTC),   xxx.xxx.xxx.xxx, Account Takeover Attempts

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.api.sonyentertainmentnetwork.com

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP …
0
Scenario 10
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two CSR1000V hub routers configured with dual hub dual cloud Phase 3 DMVPN.
0
In the GUI, how can I check if UDP session timeout is set to 300 seconds?
0
Hi Everyone, our small SMB\company recently switched to hosted Office 365 Exchange based email. Before the switch, we had an "in-house" Exchange mail server.
We have about 10 or so domains registered for email delivery.

So here's the problem. Since switching to Office 365 our users are being bombarded with "Somewhat Legitimate" Phishing Emails that try and trick them into providing their logon credentials.
I.e., "Your account inbox is full, click here to fix." "Your account will be terminated if you don't click here and login" ... and on and on and on.

I've mostly stemmed these by creating rules in Mail Flow that block certain words and phrases contained in Subject\Body.

That said, any suggestions to better keep these emails out? This issue was not nearly as bad when we didn't host with Office 365.
0
Hello,
I installed nginx with ModSecurity … I want to use it as a WAF for backend web servers.
In this case, do I have to enable reverse proxy on it?
What about the HTTPS servers?
Thanks.
0
I applied for a network engineer position and I was told verbally that I received the position from the American recruiter.  In the meantime, I received another job offer from a place I didn't want to work for...

The verbal offer was supposed to have been translated into a contract for me to sign, but it never was, and I was told by the recruiter that the company had a management meeting and the position was postponed because of budgets or something to that effect.  I'm not 100% sure that this may have been so because I interviewed for the position once via phone and once on an in-person panel.  I'm not sure that the company would have invested so much time and energy to just have the position get postponed.  I did mention to the 3rd party recruiter that I received another job offer and he was supposed to speed things up, but maybe I caused my own dismay?

Do you think that I was passed over for the job offer or could this really have occurred?  This was for a very large company and the large companies I've worked for in the past don't typically invest the time and energy for no results.  Since I went through a 3rd party recruiter and signed a representation contract, how long would I have until I would need to go through the 3rd party, in case the opportunity does get signed off?   I do have the contact information of the company manager whom I met at the interview and I'm extremely tempted to send my resume with my contact information to this contact, but how can I do this without …

Hello Experts,
Just wanted to find out how you guys dynamically update the Office 365 endpoint IPs and URLs that are published by MS for proxy and firewall access. I know the RSS feed will be retired soon per what I read online. Do you guys just run a PS script that grabs the info from the published XML file, or is there a better solution/idea out there? Any input would be greatly appreciated!
0
I'm looking for opinions about setting up DMZ VLANs on switches that are also used for internal networking vs. using separate physical switches for DMZs and internal networks.  Any concerns or benefits you can think of for one over the other.  Assume Cisco equipment.
0
Scenario 9
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two CSR1000V hub routers configured with single tier Phase 3 DMVPN Cloud.
0
We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
Dear Experts
We have a hosted application on-premises which is behind the firewall.  The application runs on Ubuntu 16.4 server OS with the components apache2, mysql5.7, php7.x. This application has to be accessed from the external network (through the internet), which is located in another county, from their office, where the users will be behind the firewall.  We have to allow access to them, hence I have asked them to share their gateway IP so that I can enable access only to this IP.  Our hosted application by itself has authentication; however, we would like to add one more layer of authentication, but the remote users will not accept any client software installed on their local systems, like a VPN client or OTP SMS, or pass code call back.  They only prefer web based access to the hosted application and they are okay if we send the second level security pass-code to their official email so that finally we can achieve 2 levels of authentication, which is in addition to allowing only their IP to connect to our network.  Following were my recommendations:
1.      Over the internet (leased line circuit), a Site to Site VPN between their firewall and our firewall so that end users will not have any additional effort and no VPN client is needed. This they denied as their IT policy does not permit configuring their side firewall.
2.      Suggested MPLS VPN between their work location and our network, but this has also been rejected.
Now I am thinking of some solution like placing the Cisco ASA SSL VPN…
0
In a meeting we were told that it is possible to know or identify if a user hit a specific page and its contents even if the page is locked.  We understand that when a page has a lock it means SSL and that the data to and from the site and the computer is encrypted.  Is it possible that even though the page has a lock, there is a way to identify the encrypted page that the user visited and identify the contents, whether it has a form or is just a regular page?