Network Security

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. It involves authorizing access to data in a network and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and I hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers, Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but were recently configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."

What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My question: Can I safely remove the 2012 DC from 2008 to stop it attempting replication, and at the same time continue to operate both under the same domain name, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …

Hi, is there any document or link that explains which security policies apply, or how to create documentation of security policies?
Hi Experts,

What is the difference between source NAT and destination NAT? I believe source NAT is just hiding your internal IP behind the public IP address, and destination NAT we use for mainframe systems or headless devices that do not have a default gateway. This concept is driving me bananas. I really appreciate your clear answer.
I have traffic coming from the outside world to a WatchGuard firewall, then to a Citrix NetScaler, which goes to an internal ASA firewall and then to the internal network.

Our Citrix NetScaler also has the same certificate (service communication certificate) that is hosted on our internal ADFS server (Windows Server R2).

We don't have an ADFS proxy server as of now.

Recently we had a password spray attack on our internal ADFS server,

and we could not determine the source IP on our internal ADFS server.

I wanted to know the following:

1) I read in articles that Windows Server 2012 R2 has an extranet lockout feature and ADFS 2016 also has an extranet lockout feature, so is there any difference between the two as far as
protection from password spray attacks is concerned?

In the scenario I explained, with traffic coming from outside to the WatchGuard firewall, then the NetScaler, then the ASA firewall, where should I place the WAP server and how can it help in mitigating password spray attacks?

Are there any good tutorials for upgrading a Windows Server 2012 ADFS server to 2016, and how should the ADFS proxy be configured?

We have mailboxes in 365 and AD accounts are synced through AAD Sync to Azure AD.

I came to know from Microsoft that messages are being redirected from Office 365 to the internal ADFS server and it is not authenticating, so what other steps should I take

to protect from spray attacks? Is just a proxy ADFS server sufficient, or should some conditional policy be applied …
I have just run a new vulnerability scan and one of the clients has come back with an X server warning that it accepts connections from any client. I know what X server is and the risk it poses. My question is, how do I configure it/restrict connections?
Our network team lead argued that the audit finding for the following Cisco item
is not valid:
>aaa accounting commands 0 default start-stop group XX_TAC
which the audit recommends (as per the CIS benchmark) should be:
>aaa accounting commands 15 default start-stop group XX_TAC

The network team lead argued that 0 is equally or more secure
than 15.

I'm no network engineer, so would anyone care to comment? Any
other authoritative sources (besides CIS) would be helpful.
Just had two sites fail PCI compliance tests with certificate errors on a SonicWall TZ180. Trustwave does the scans and this is what they said: The server should be configured to disable the use of the deprecated SSLv2, SSLv3, and TLSv1.0 protocols. The server should instead use stronger protocols such as TLSv1.1 and/or TLSv1.2. For services that already support TLSv1.1 or TLSv1.2, simply disabling the use of the SSLv2, SSLv3, and TLSv1.0 protocols on this service is sufficient.
I have no idea how to do what they said. Any help is really appreciated. Thanks.
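Whatever the appliance side of the fix turns out to be, you want a way to verify the result yourself before paying for another scan. The following is an added example (not from the post above and not a Trustwave tool) that probes a host for each TLS version with the Python standard library and applies the same pass/fail rule the scan quotes. The host name `vpn.example.com` is a placeholder. Python's `ssl` module cannot emit SSLv2 or SSLv3 on current OpenSSL builds, so those two are reported as untested rather than silently passed; check them with `openssl s_client -ssl3 -connect host:443` separately.

```python
"""Probe a server for each TLS version and judge the result against the
scanner finding quoted above (SSLv2, SSLv3 and TLSv1.0 must be refused;
TLSv1.1 or TLSv1.2 must be accepted).  Standard library only."""
import socket
import ssl

VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
DEPRECATED = ("SSLv2", "SSLv3", "TLSv1.0")   # must be disabled per the finding
ACCEPTABLE = ("TLSv1.1", "TLSv1.2", "TLSv1.3")


def probe(host, port=443, timeout=5):
    """Return {version: True (accepted) | False (refused) | None (untestable)}.

    Each handshake pins minimum_version == maximum_version so the ClientHello
    offers exactly one version; a refusal therefore means the server does not
    speak it.  Current OpenSSL builds cannot emit SSLv2/SSLv3 at all, so those
    stay None and must be checked with `openssl s_client -ssl3`.
    """
    results = {"SSLv2": None, "SSLv3": None}
    for name, ver in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False            # testing protocol support, not identity
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow legacy suites so TLS1.0 is offered
        except ssl.SSLError:
            pass                              # LibreSSL and friends: keep default list
        try:
            ctx.minimum_version = ver
            ctx.maximum_version = ver
        except (ValueError, ssl.SSLError):
            results[name] = None              # local library refuses to offer this version
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = tls.version() is not None
        except (ssl.SSLError, OSError):
            results[name] = False
    return results


def pci_verdict(results):
    """(compliant, offenders, untested).

    Compliant only when every deprecated version is confirmed refused (None is
    not a pass: an untested SSLv3 is still an open finding) and at least one
    acceptable version was accepted."""
    offenders = [v for v in DEPRECATED if results.get(v) is True]
    untested = [v for v in DEPRECATED if results.get(v) is None]
    strong = any(results.get(v) is True for v in ACCEPTABLE)
    return (not offenders and not untested and strong, offenders, untested)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "vpn.example.com"  # placeholder host
    r = probe(host)
    print(r)
    print(pci_verdict(r))
```

Run it against each of the two sites before and after changing the appliance's TLS settings; `pci_verdict` returns compliant only once TLSv1.0 is refused and nothing deprecated remains untested.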

We're considering moving to a co-working space and I had a conversation about network security with the person that manages the network.

We were discussing different options and he made a statement that seemed odd to me. I had asked about MAC spoofing as a potential way to circumvent a solution he had proposed (can't remember exactly what it was but I don't think it matters). His response was something like "our routers are able to detect MAC spoofing." They are using a Meraki MX-84.

When I asked him how the router was able to detect MAC spoofing, he wasn't able to answer.  I know that doesn't mean the router isn't capable of it, but it piqued my interest enough to post here and see what you all had to say.

Is this something that the router is able to detect?  If so, what is the mechanism it uses to identify it (i.e., how the heck does it know)? :D  

Thanks in advance for any help.
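One way to make the question concrete: a device that sees DHCP and switch-port data can only ever infer spoofing from inconsistencies, because the MAC itself is just a field the client fills in. The added example below (not from the post, and not a description of Meraki's implementation, which the vendor does not document) runs two such heuristics over constructed lease-log lines in a format invented for the example: the same MAC learned on two switch ports within a few minutes, and the same MAC presenting two different DHCP fingerprints (hostname plus vendor class). Both are defeated by an attacker who clones the victim's port, hostname and DHCP behaviour, which is why the durable control is 802.1X per-port authentication rather than MAC-based anything.

```python
"""Two heuristics a DHCP-aware network device could use to notice a spoofed
MAC address, run over constructed log lines.  Added example; the log format
and the sample lines are invented here."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format for this example: one record per DHCP lease event.
LINE = re.compile(
    r"^(?P<ts>\S+) dhcp lease mac=(?P<mac>[0-9a-f:]{17}) ip=(?P<ip>\S+) "
    r"host=(?P<host>\S+) vendor=(?P<vendor>.+?) port=(?P<port>\S+)$"
)

SAMPLE = """\
2019-05-20T10:00:01 dhcp lease mac=aa:bb:cc:00:00:01 ip=10.0.0.21 host=alice-laptop vendor=MSFT 5.0 port=gi1/0/5
2019-05-20T10:00:10 dhcp lease mac=aa:bb:cc:00:00:02 ip=10.0.0.22 host=bob-pc vendor=MSFT 5.0 port=gi1/0/7
2019-05-20T10:01:00 dhcp lease mac=aa:bb:cc:00:00:02 ip=10.0.0.22 host=kali vendor=dhcpcd-8.0 port=gi1/0/12
2019-05-20T10:03:00 dhcp lease mac=aa:bb:cc:00:00:01 ip=10.0.0.21 host=alice-laptop vendor=MSFT 5.0 port=gi1/0/5
2019-05-20T09:00:00 dhcp lease mac=aa:bb:cc:00:00:03 ip=10.0.0.23 host=carol-mac vendor=Apple port=gi1/0/9
2019-05-20T10:30:00 dhcp lease mac=aa:bb:cc:00:00:03 ip=10.0.0.23 host=carol-mac vendor=Apple port=gi1/0/20
"""


def parse(text):
    """Turn log text into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def suspicious_macs(events, window_minutes=5):
    """Return {mac: sorted reasons} for MACs that, inside any window_minutes
    window, were learned on more than one switch port or presented more than
    one DHCP fingerprint (hostname + vendor class).  A laptop moving desks
    hours apart is not flagged; two stacks claiming one MAC minutes apart is."""
    by_mac = defaultdict(list)
    for e in events:
        by_mac[e["mac"]].append(e)
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for mac, evs in by_mac.items():
        evs.sort(key=lambda e: e["ts"])
        reasons = set()
        lo = 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            span = evs[lo:hi + 1]
            if len({e["port"] for e in span}) > 1:
                reasons.add("multiple ports")
            if len({(e["host"], e["vendor"]) for e in span}) > 1:
                reasons.add("multiple dhcp fingerprints")
        if reasons:
            flagged[mac] = sorted(reasons)
    return flagged


if __name__ == "__main__":
    print(suspicious_macs(parse(SAMPLE)))
```

In the sample, only `aa:bb:cc:00:00:02` is flagged: it shows up on a second port with a different hostname and DHCP vendor class within a minute, while `aa:bb:cc:00:00:03` moving ports ninety minutes apart is treated as a normal desk move.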
We have a SonicWall 2650 with Content Filtering enabled to restrict website activity for those on the physical network and those on VPN. We are having problems with folks using their company devices to go to non-authorized sites when they are not on VPN or on the physical network. They are using a company-issued wireless device or their home ISP to gain internet access. It would be great if we could somehow force all of their traffic to go to our SonicWall for filtering without having to create a VPN connection (it tends to slow things down on these machines). Perhaps a proxy server (but only for external users, since our internal users are already protected by the SonicWall)? Would it be best to install a third-party product to block site access (it would have to work on all possible browsers)? Maybe something else? Looking forward to your suggestions.

I would like to use Pi-hole (or another ad blocking/security enabling feature) for my home network.
My Synology NAS supports Docker, so I stumbled upon this article:
Not going to buy a Pi; my Synology is good enough and I don't want extra hardware to buy/maintain/configure anyway.
I like the idea of Docker/containers since I do think it is the future, but I have no Docker experience whatsoever for now. My questions:
- Is Pi-hole the right protection tool to use or are there better (Docker) solutions?
- If I follow the procedure described, what do I do then, just point my DHCP DNS to the IP of the Synology? Is there any config I can do to Pi-hole? Then where? Not clear to me.
- I also have a Synology Router MR2200ac; can/should I combine its security features?

Thanks for your input!

Hello, I keep getting hit by DDoS attacks and I'm looking for guidance. I have a Cisco Meraki MX64 firewall in place which has intrusion detection turned on. I'm wondering if there are ports I can block on the firewall to stop the DoS attacks from happening or reduce them. At the moment, I'm having to change the IP address regularly to stop this from happening, but it is only temporary.
What are the security & compliance requirements we can safely
demand/expect from Oracle ERP (Enterprise Resource Planning) Cloud?

Likely Finance, HR, Procurement modules will be used in this
cloud ERP.

a) Data sovereignty: DC must be local?

b) BCP/DR drills done yearly with DR centre also hosted locally?

c) Is this a SaaS? So we can apply all the SaaS compliance
    requirements on them, including returning data to us &
    secure erasure of data when exiting?

d) ... any other ... ?
I am using Synology VPN (OpenVPN) to connect my laptop, which uses a cellular connection, to my office network. Suddenly, it fails to connect with the following errors:
TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS handshake failed
However, if I connect my laptop with a wired connection it connects with no problem.
Need a secure iPhone/MacBook Password program

I use 1Password, but heard that DropBox files can not be secured. So, even if opening the app on my Mac or my iPhone might feel secure, a hacker could get in.


What is a good alternative?

Security is obviously important.

I guess the only advantage of using 1Password is if I somehow forgot that password, I suppose tech support at 1Password could crack it. But, I assume that means ANYONE at 1Password could crack it.


hi guys

I'm thinking of ways in which we could educate our staff when it comes to the actual threats of security through emails like phishing.

However, if I wanted to send out reminders frequently like every fortnight, then I'm wondering what sort of content could be covered in order to not become monotonous?

Have you seen this done at firms you've worked at? If so, are there any tips?

Thanks for helping
We recently had a password spray attack on our company.

We have on-premises ADFS and AD servers. I was researching and found the below:
2.      In Unified Audit logs, searchable via:
a.      These logs are only maintained for 90 days and would have rolled prior to the escalation below.
b.      The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.

Regarding point b, is there any method by which I can archive the logs via REST or to a SIEM?

We don't have on-premises Exchange; all mailboxes are in 365.
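The REST route in point b is the Office 365 Management Activity API, and it also answers the earlier ADFS post's problem of not being able to see source addresses on the federation server: the Azure AD sign-in records in the Unified Audit Log carry the `ClientIP` the cloud saw, which is often the only place the original address survives when ADFS sits behind a NetScaler. The added example below (written for this page, not code from either post or from Microsoft) collects those records over REST and then runs a spray detector over them. Assumed and not in the posts: an Azure AD app registration granted `ActivityFeed.Read` on the Office 365 Management APIs, its client-credentials bearer token, the tenant GUID, and a subscription already started with `POST .../activity/feed/subscriptions/start?contentType=Audit.AzureActiveDirectory`. The field names follow the `Audit.AzureActiveDirectory` record schema; the sample records are constructed.

```python
"""Collect Office 365 Unified Audit Log records through the Management
Activity API and flag password-spray sources in the Azure AD sign-in records.
Added example; the API details are as documented by Microsoft, the sample
records are constructed, and TENANT/TOKEN are assumed inputs."""
import json
import urllib.parse
import urllib.request
from collections import defaultdict
from datetime import datetime, timedelta, timezone

API = "https://manage.office.com/api/v1.0"


def _get(url, token):
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp), resp.headers.get("NextPageUri")


def fetch_records(tenant, token, content_type="Audit.AzureActiveDirectory", hours=24):
    """Yield audit records published in the last `hours` hours (the REST path
    from point b above).  The feed only serves recent content, so run this on
    a schedule and persist the records yourself to outlive the 90-day retention."""
    end = datetime.now(timezone.utc)
    start = end - timedelta(hours=hours)
    q = urllib.parse.urlencode({"contentType": content_type,
                                "startTime": start.strftime("%Y-%m-%dT%H:%M"),
                                "endTime": end.strftime("%Y-%m-%dT%H:%M")})
    url = f"{API}/{tenant}/activity/feed/subscriptions/content?{q}"
    while url:
        blobs, url = _get(url, token)          # list of {contentUri, contentId, ...}
        for blob in blobs:
            records, _ = _get(blob["contentUri"], token)
            yield from records


def _ts(s):
    return datetime.fromisoformat(s.rstrip("Z"))


def spray_sources(records, min_users=5, window_minutes=60):
    """Return {client_ip: (distinct_users, attempts)} for source IPs that failed
    logons for at least `min_users` distinct accounts inside any
    `window_minutes` window.  Many accounts, few tries each, from one address is
    the spray signature; one account hammered repeatedly is brute force and is
    deliberately not flagged here."""
    by_ip = defaultdict(list)
    for r in records:
        if r.get("Operation") != "UserLoginFailed":
            continue
        by_ip[r.get("ClientIP", "?")].append((_ts(r["CreationTime"]), r["UserId"].lower()))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        best, lo = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            best = max(best, len({u for _, u in events[lo:hi + 1]}))
        if best >= min_users:
            flagged[ip] = (best, len(events))
    return flagged


# Constructed records, not real tenant data.
SAMPLE = (
    [{"CreationTime": f"2019-05-20T10:0{i}:00", "Operation": "UserLoginFailed",
      "UserId": f"user{i}@example.com", "ClientIP": "203.0.113.7",
      "LogonError": "InvalidUserNameOrPassword"} for i in range(6)]
    + [{"CreationTime": f"2019-05-20T10:0{i}:30", "Operation": "UserLoginFailed",
        "UserId": "alice@example.com", "ClientIP": "198.51.100.9",
        "LogonError": "InvalidUserNameOrPassword"} for i in range(6)]
    + [{"CreationTime": "2019-05-20T10:07:00", "Operation": "UserLoggedIn",
        "UserId": "user0@example.com", "ClientIP": "203.0.113.7"}]
)

if __name__ == "__main__":
    print(spray_sources(SAMPLE))     # {'203.0.113.7': (6, 6)}
```

Feed `fetch_records(TENANT, TOKEN)` into `spray_sources` on a schedule and write both the raw records and the flagged addresses to whatever log store you keep; the same records are what a SIEM would ingest. The detector counts distinct accounts per source address rather than failures per account, which is what separates a spray from a brute-force attempt on one user and from a user who simply mistyped a password several times.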
Are there any useful documents/articles that are routinely issued/upgraded which show specific trends in cyber attacks for say the past 2-3 years, and for any major cyber attacks that hit the news – what the root cause of the vulnerability that was exploited was? i.e. what the cyber criminals are targeting nowadays, and what the relevant controls are to protect against those, assuming they could be protected against, e.g. a relevant patch applied?

I was also interested in identifying the primary/priority security defences, or at least coming up with some form of priority checklist of what to assess in what order when it comes to security. I appreciate on larger networks/infrastructure security must be an absolutely mammoth effort, and any single vulnerability on any device could be your downfall, but there must be some form of precedence in terms of priority of cyber controls when self-assessing your cyber/security defences, so my question to you is - where exactly would you start, and do any of the guidelines out there put cyber controls/defences in order of importance/priority, I assume they must do, but quite which articles/guidelines is an unknown to me.  

If you were doing an independent review of your security/cyber defences, what order would you start in, e.g. the absolute bare minimums, and then onto the second tier of defences, 3rd etc.? If there are no such guidelines, your own view on this would be equally interesting.
Hi Experts,

Looking for a way to activate "Launch program before Windows login" for Watchguard 12.2 VPN client? Trying to have the VPN login show up before Windows login so once Internet is connected remote users can connect to the VPN and then AD for authentication. This has to be done during first boot so looking for silent switches which would enable install of VPN as well as enabling of the feature above. Have attached the silent install switches that I am aware of 

Thanks in advance
Sorry for such a noob question. We have a WatchGuard T35. Right now it has a branch-to-branch VPN set up to another WatchGuard.

It also has the capability to make a VPN to a specific computer that's on the road, right? What app(s) can be installed on the Windows 10 computer that can do that?

Preferably free. Does WatchGuard include software to do that? Is there a standard the software needs to meet (does WatchGuard have their own proprietary way of talking to endpoints, or does any VPN software work)?


Just wondering if anyone has a good recommendation for a NAC solution and also knows how the FortiNAC licensing works.

We have a user who received the attached message. Should he worry?

Please advise if there is any action we should take.

We are implementing a guest Wifi via a captive portal.

Attached are the Terms & Conditions for the portal for guests
to read & acknowledge: feel free to critique, amend or enhance them.
We had someone bring an infected laptop into the network. It sent out emails and we got put on a blacklist. 3 picked us up. We got off two and the third is saying it could take 3-4 days to drop off. They won't just take it off for us. So how do we get around this? We can't send out emails. We can't bill anyone. We can't continue business operations. This has crippled our network. They have blocked the IP address and put it on a blacklist but not necessarily the domain.
We have a Parameter Tampering weakness in our app which we don't have
time to fix at the application level, so we are exploring alternative mitigations,
namely WAF & IPS.

The Parameter Tampering weakness is:
a web-based attack in which certain parameters in the Uniform Resource Locator (URL) or web page form field data entered by a user can
be changed without the required authorization. After changing, it points the browser to a link, page or site other than the one the user was
authorized (from his original authentication) to access.

Changing the input 60001 which the user entered under the parameter "file_id" in the URL is a valid request, and thus the user could see
other contents (which he was not meant to see) by changing it to different values.

Is it possible to customize rules/policies in the WAF/IPS such that the rules whitelist the download form (there's only one form that is
vulnerable) to only the 3 URLs (exactly the same URLs as above except for the value after file_id=) and block off the rest? The 3 values
are 80001, 80002, 80003.

We use WebLogic to serve as the web service.
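What the post describes is an insecure direct object reference: the application trusts the client-supplied `file_id` to decide what the user may see. The added example below (not the poster's code, and not a WebLogic or WAF product feature) shows the weakness and its real fix side by side as a before/after handler, and then the edge allowlist the post asks the WAF for as a predicate that an HTTP-aware rule would evaluate. The file table, owners, and the `/download` path are constructed; the values 60001 and 80001 to 80003 are the ones from the post. Two caveats a practitioner would add: the allowlist only holds if those three values really are the only legitimate ones, and it must be applied wherever WebLogic reads the parameter from (query string, POST body, repeated parameters), which is why the predicate refuses duplicates rather than picking a first or last value that may differ from the one the server picks.

```python
"""The IDOR described above as a before/after pair, plus the edge allowlist the
poster asks the WAF for.  Added example: the file table, path and owners are
constructed; the id values come from the post."""
from urllib.parse import parse_qs, urlsplit

# file_id -> (owner, content). Constructed for the example.
FILES = {
    60001: ("alice", "alice's payslip"),
    60002: ("bob", "bob's payslip"),
    80001: ("public", "brochure 1"),
    80002: ("public", "brochure 2"),
    80003: ("public", "brochure 3"),
}
FORM_PATH = "/download"                       # assumed path of the one vulnerable form
ALLOWED_IDS = {"80001", "80002", "80003"}     # the three values from the post


def _file_id(url):
    try:
        return int(parse_qs(urlsplit(url).query)["file_id"][0])
    except (KeyError, ValueError):
        return None


def download_vulnerable(user, url):
    """Before: being logged in is the only check, so alice changing
    file_id=60001 to 60002 gets bob's file.  `user` is unused on purpose."""
    entry = FILES.get(_file_id(url))
    return entry[1] if entry else None


def download_hardened(user, url):
    """After: look the record up, then compare its owner with the authenticated
    principal.  The client-supplied id selects a record; it never grants access."""
    entry = FILES.get(_file_id(url))
    if entry is None or entry[0] not in (user, "public"):
        return None            # 403/404 to the client; log it, this is an IDOR probe
    return entry[1]


def waf_allows(url):
    """Edge rule approximating what the post asks of the WAF/IPS: on the download
    form, file_id must appear exactly once and be byte-for-byte one of the three
    allowed literals, so 080001, 80001.0, 80001%00 and a second file_id are all
    refused.  Requests to other paths are not this rule's business."""
    parts = urlsplit(url)
    if parts.path != FORM_PATH:
        return True
    ids = parse_qs(parts.query, keep_blank_values=True).get("file_id", [])
    return len(ids) == 1 and ids[0] in ALLOWED_IDS


if __name__ == "__main__":
    print(download_vulnerable("alice", "/download?file_id=60002"))   # bob's payslip leaks
    print(download_hardened("alice", "/download?file_id=60002"))     # None
    print(waf_allows("/download?file_id=60001"))                     # False
```

The WAF rule buys time, but `download_hardened` is the change that actually closes the hole, because it still works when a fourth legitimate file id is added next month and the allowlist is stale.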
We are calling a tender for a Managed SOC & drafting requirements.
Can anyone point me to samples or share the requirements normally expected
of vendors for such a Managed SOC?

Besides piping firewall, network device, server and UEBA events to
them for correlation, is it common to pipe the originating IP addresses
of incoming emails (e.g. O365) to them to check against blacklists?
I feel O365 anti-spam, anti-phish & anti-malware protection is
not enough.

We have EDR in place but were told that to do MDR (Managed Detection
& Response) we must go back to the same EDR vendor (Trend Micro,
to be specific), but TM doesn't do managed SOC, only MDR.
We don't want fragmented service providers, i.e. one for managed
SOC & another for MDR.

Also, can we include a requirement such that we do away with our
current defacement vendor (it's a telco) & the managed SOC uses
their own tool to monitor our URLs (e.g. using 'wget' or 'curl' to
download our web page contents & compare against a baseline)?
Or is this a function specific to a defacement vendor only & a SOC
doesn't normally perform this function?

What certifications are required of such vendors, e.g. ISO 27001/2,
must have certain encryption, ...?

I guess we can specify 'hot', 'warm' & 'cold/archive' tiers of the events
for us to access via a dashboard? Can we specify that the 'hot'
events must be on SSD, 'warm' on fibre storage & 'cold' on
SATA (or usually it's tapes) if this vendor operates in the cloud?
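Whether a SOC contract includes defacement monitoring is a scoping question, not a technical one; the wget/curl-and-compare job mentioned above is small enough to write down. The added example below (not the telco's tool, not anything from the post) does the comparison properly: it strips content that legitimately changes on every request (CSRF tokens, script nonces, timestamps, whitespace) before hashing, so a normal page does not page anyone at 3 a.m., and it additionally requires a few canary strings to be present, which is what a defacement actually removes. The URL, canaries and sample HTML are constructed.

```python
"""Defacement check of the wget/curl-and-compare kind: fetch a page, normalize
away content that legitimately changes per request, hash it, and also require
canary strings to still be present.  Added example; samples are constructed."""
import hashlib
import re
import urllib.request

# (pattern, replacement) applied before hashing, so routine churn is not an alert.
DYNAMIC = [
    (re.compile(r'name="csrf_token" value="[^"]*"'), 'name="csrf_token"'),
    (re.compile(r'nonce="[^"]*"'), ""),
    (re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"), "<ts>"),
    (re.compile(r"\s+"), " "),
]


def normalize(html):
    for pat, repl in DYNAMIC:
        html = pat.sub(repl, html)
    return html.strip()


def fingerprint(html):
    return hashlib.sha256(normalize(html).encode("utf-8")).hexdigest()


def check_page(html, baseline_hash, canaries):
    """Return a list of findings; empty means the page matches its baseline.
    A hash mismatch alone says "something changed"; a missing canary says
    "the part we care about is gone", which is what a defacement looks like."""
    findings = []
    if fingerprint(html) != baseline_hash:
        findings.append("content hash changed")
    for c in canaries:
        if c not in html:
            findings.append(f"missing canary: {c}")
    return findings


def fetch(url, timeout=20):
    """The curl step.  Pin a User-Agent so a CDN serves the same variant each time."""
    req = urllib.request.Request(url, headers={"User-Agent": "defacement-monitor/1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample pages: the baseline, the same page served later with a new
# CSRF token and timestamp, and a defaced copy.
BASELINE_HTML = """<html><head><title>Example Corp</title></head>
<body><form><input name="csrf_token" value="abc123"></form>
<p>Generated 2019-05-20 10:00:00</p><div id="footer">Example Corp</div></body></html>"""
SAME_PAGE_LATER = BASELINE_HTML.replace("abc123", "zzz999").replace("10:00:00", "11:30:45")
DEFACED = BASELINE_HTML.replace("<title>Example Corp</title>", "<title>Hacked</title>")
CANARIES = ["<title>Example Corp</title>", 'id="footer"']

if __name__ == "__main__":
    base = fingerprint(BASELINE_HTML)
    print(check_page(SAME_PAGE_LATER, base, CANARIES))   # []
    print(check_page(DEFACED, base, CANARIES))           # two findings
```

In production the baseline hash is recorded once per URL after a deliberate release and re-recorded on every deploy; a scheduled job then calls `fetch(url)` and `check_page`, and anything non-empty goes to the SOC queue. The normalization list is the part that needs tuning per site, which is also the reason an outsourced monitor that only diffs raw bytes generates noise.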
