Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.


Objective is to identify suspicious / unauthorized access or data transfer .
0
Will your db performance match your db growth?
LVL 3
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Hi

We are using F-Secure for email filtering, and the F-Secure desktop provides some level of browser protection. I was wondering what people here would recommend for small business (5 to 30 user base) for email and web browsing solution?

Regards

Yamin
0
Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access internet and none domain users such (visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor” has to be installed on all domain controllers, but later its talks about pushing out SSO client to machines which is also used for authentication, so am a bit confused if this is needed or not? Please clarify
http://www.skype4badmin.com/watchguard-sso-part-1/


and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

much appreciated!

Thanks
0
Our firewalls are not sync'ed to public DNS so we can't create rules by URL of playstore or appstore.

Our corporate mobile devices need to have push notifications & apps install :
what's the range of IP for appstore & playstore required & the ports to permit?

I heard appstore is a Class A subnet while playstore is probably a Class B:
is it a good practice to permit firewall rules to such big subnet ranges ?
0
We have just deployed a Cisco Meraki wifi solution and are trying to set up our wifi networks. However the domain is setup as XX.local.
the commercial cert authorities will not  give  a trusted certificate for XX.local, so we a trying to work out how to deploy a SSL that  is trusted to make wifi for things such as BYOD work seeamlessly , We have considered self-signed but that shows as untrusted, we also need to open  up security on trusted machines to allow it. Has anybody done this or got a good idea
0
[Webinar] Multi-Vector Protection from Cyber attacks
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.

But that feeling is fleeting. Attacks these days can happen in many ways and from angles we never saw coming. That’s why companies like Webroot, who focus on security solutions, want to inform those of us in the IT security industry on best ways to protect ourselves from multi-vector attacks, not single endpoint protection.

Watch Webroot’s discussion of the complexities of modern-day cyber threats and how we can properly practice multi-vector protection for maximum security.
3
Hi,

Can anyone please tell me step by step how to stop a Watchguard XTM25 from blocking downloads of EXE files from a server hosted website (so need to add an exception as an IP address) .

Many thanks

Adam
0
Hi I am not able to connect Nortel switch 5650TD model through putty .
0
Hi,

Scenario -- Cisco 3550

1) Guest Network  --- 10.2.3.0 /24
2) LAN Users --- 10.41.0.0/16

I want that users with IP address (10.2.3.0/24) should not be able to access 10.41.0.0/16 network. But at the same time i want 10.41.0.0/16 to have access to this 10.2.3.0 network.

Is it possible in Cisco 3550 to achieve this.

Thanks
Mahesh
0
In an audit finding, critical PCs (used to transfer large funds n these PCs do not hv Internet
access Nor email clients in them)  were found to be pingable n could map drives to normal
PCs ( to hv internet access n drive sharing can propagate ransomwares/malware) in same
subnet.

We were told these 2 different categories of PCs she'd be logically segregated.  As we don't want
To create separate Vlans n do major network restructuring, Can we do
1. Super sub netting n use Cisco ACLs to segregate the 2 groups of PCs?  Is this ACLs
     using MAC address?
2. Create Windows firewall rules on the critical PCs
3. What else?
0
Free Tool: Path Explorer
LVL 10
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

2
I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There has been reports that the use was using the application in the office while on the network. I wish to block services to this application while on the internal network. I currently have Palo Alto firewalls on the network. How do i block this service from my internal network?
0
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
0
I know very little about watchguards (or really most complex firewalls).  I have 2 watchguards in location A and location B.  looking at the policies on the main office's watchguard, I have 16 rules.  wonder which are needed?  

This is an XTM21 (old unit, right?)

it takes a few seconds to go from screen to screen / get the list of firewall policies, etc. 'retrieving data' on screen for 9 seconds... there's 16 policies in the list.  Is that a long time for pages to load?

a) do you just replace watchguards after x years because they are old?
b) do you reboot them on a schedule? How often? every week? month? year?

This watchguard is set up for:Exchange on the SBS server on the LAN, General surfing from inside the office, VPN to the other location and phones being able to connect to the exchange server from outside.

How many rules should those take?

Looking at the policies, I think this is what are set up. I inherited this network so may be unneeded / defaults that came with the box?
FTP OUTboundSMTP (192.168.2.3 to Any external)
GeneralProxy (From HTTP-proxy to ANY  Trusted)
SMTPtoMailSrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPtoMAILSrv (From ANY to 75.127.x.x->192.168.2.3)
POP3toMailsrv (From ANY to 75.127.x.x->192.168.2.3)
IMAPtoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPStoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
RDPtoMAILsrv (From ANY to 75.127.x.x->192.168.2.3)
Voicecom mail system (From ANY to 75.127.x.x->192.168.2.3)
Watchguard …
0
Hi
I have to enable TLS 1.0, 1.1 and 1.2 in Internet Explorer on my laptop before a VPN can connect? how can I change this settings so I don't have to enable these in IE?

Thanks
0
I have an netgear wndr3800CH router
And a WD my cloud 1tb NAS drive

I'm working with a surface pro 4
I would like to have access to my NAS drive out side of my home network.

I can accent it though a web portal but I'd like to do it though windows mapped drive.

As if I was at home any guidance would be appreciated if diffident hardware is needed I'm open to inexpensive options.

I do have charter business as an ISP. For an static up address
0
I need a web service to remain secret and would use CloudFare or a similar technology to prevent DDoS attacks. Aside from DDoS, what other types of attacks are possible?

I assume my web service domain would be totally hidden, but need to be sure there is no other known threat to it.

Thanks
0
What options are there to protect a web service from a DOS attack?

IF the web service were accessed only by my Objective-C iPhone application, and nowhere else, is this web service protected by the "security through obscurity" model? Or, can hackers crack open the source code of the iPhone app, like Apple can?

What about if I put the URL to the web service into the SQLite database and encrypted the Path?

So, when my app needs to request information from the web service, it does a DB lookup in the SQLite database for the path to the web service. When it gets it, it decrypts it. Then, using a variable (in memory) only, it makes the web service call.

Does this protect from a DOS attack to that web service call?

Are there easier ways?

Will this work on Java for the Android?

What about on my website?

Thanks.
0
We have an Azure setup like this:

Internet --> Azure Region --> Vnet-1 --> Subnet-1 --> VM-Appliance(Router) --> Vnet-2 --> Subnet-2 --> VM-Server

The Internet can connect to the VM-Appliance(Router).

The VM-Appliance(Router) can connect to the VM-Server.

HOWEVER, the Internet cannot connect to the VM-Server.

We need someone who fully understands Azure networking, Vnets, peering, routing, interfaces, packet forwarding, network security groups, etc.
0
Introducing the WatchGuard 420 Access Point
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

I am new to PA firewalls and wonder what's other's opinions compare to Ciscos please.  I heard they are user-friendly but security guys hate them.  They can be very pricey as well.
Thanks in advance!
0
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
0
I am creating site to site ipsec vpn tunnel with cisco asa 5506x and 5555. Now the 5506x firewall i m keeping it in dmz. Can i keep the outside int and inside int ip  of 5506x in same subnet.
0
6
 
LVL 2

Expert Comment

by:Juana Villa
I have always found sad that people use their skills and knowledge to hinder/hurt others. So, I really like that this article is encouraging people to use their skills on an ethical way.
1
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
Just donated all my waiting shirts.
1
Hello,

I have an ASA 5512-X with the IPS SSP module enabled. I am currently setting this up using scenario 1 shown here (https://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html#scenario1).

The problem that I am having is that I can ping the IPS SSP from the ASA itself, however, when pinging the IPS SSP from an internal host, the ASA is dropping the traffic with the following reason:

313004      Denied ICMP type=0, from laddr 172.16.10.6 on interface inside to 10.0.2.85: no matching session

From the IPS I can ping internal hosts.

Below is my config of the interfaces and IPS module and showing that I can ping from the ASA.

ASA(config)# sh run int g0/2
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 172.16.10.2 255.255.255.248

ASA(config)# sh run int m0/0
!
interface Management0/0
 management-only
 no nameif
 security-level 0
 no ip address


ASA(config)# sh module ips details | in Mgmt
Mgmt IP addr:       172.16.10.6
Mgmt Network mask:  255.255.255.248
Mgmt Gateway:       172.16.10.2
Mgmt Access List:   0.0.0.0/0
Mgmt Access List:   10.0.0.69/32
Mgmt Access List:   10.0.2.80/32
Mgmt Access List:   10.0.2.82/32
Mgmt Access List:   10.0.2.85/32
Mgmt web ports:     443
Mgmt TLS enabled:   true
TICFW1(config)# ping 172.16.10.6
Type 

Open in new window

0
How does someone stay on the right and legal side of the hacking world?
9

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.