Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Network Security
6K
Solutions
8K
Contributors
Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.
Share tech news, updates, or what's on your mind.
All of a sudden a user is getting an error when trying to connect to workstation through a site to site vpn that says "An error has occurred", If the VPN is diconnected and the WAN IP Address with the Port is used then the RDP works just fine. VPN is configured on Sonicwall TZ215 and TZ100. We can also RDP on the same LAN as the system without issue.
3 Comments
Ransomware-A Revenue Bonanza for Service Providers
Our apps team somehow has a way of detecting that 61.239.162.190 is an
IP of a credit card fraud : I'm not quite close to the team so anyone know
if there are IP list out there that blacklist it?
I've checked www.ipvoid.com & threatstop.com but this IP is not in their
extensive blacklists.
How can I find out the mode of fraud of this IP? Does this source IP send
emails or via sort of application (credit card processing)?
I've heard of several Online Fraud Tools (by IBM & F5) but haven't managed
to play with them yet
IP of a credit card fraud : I'm not quite close to the team so anyone know
if there are IP list out there that blacklist it?
I've checked www.ipvoid.com & threatstop.com but this IP is not in their
extensive blacklists.
How can I find out the mode of fraud of this IP? Does this source IP send
emails or via sort of application (credit card processing)?
I've heard of several Online Fraud Tools (by IBM & F5) but haven't managed
to play with them yet
Hello,
I wrote a script to create a folder path and it works OK, however, it creates folders read only and I am trying to avoid that. I do not want it read only because then another process cannot create some files within the DATA folder. This is what I wrote and it is still creating the folders read only. Can you please let me know what am I missing?
mkdir -p "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSER
attrib -R "C:\Program Files\Microsoft SQL Server\*.*" /S /D
I wrote a script to create a folder path and it works OK, however, it creates folders read only and I am trying to avoid that. I do not want it read only because then another process cannot create some files within the DATA folder. This is what I wrote and it is still creating the folders read only. Can you please let me know what am I missing?
mkdir -p "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSER
attrib -R "C:\Program Files\Microsoft SQL Server\*.*" /S /D
Ever wondered what it takes to become a threat intel expert like Malwaretech? Check out our first Q&A release where Marcus discusses his background and predictions for the next threat in malware.
Compliance and data security require steps be taken to prevent unauthorized users from copying data. Here's one method to prevent data theft via USB drives (and writable optical media).
Hello - we upgraded from a 5510 ASA to a 5516 recently. On our old 5510, the home page of the ASA would present the ASDM tool. the 5516 does not do this. After spending an hour reading the Getting Started guide and online, I find lots of information about how the ASDM works - but hardly any help on how to actually launch the tool. Need some help from the experts. thanks
Hi Guys
I have a problem with Maximizer software that if everyone group does not have full permission to the c:\windows\temp on the server it will not work. I called Maximizer and they don't even know about this. They keep asking to reinstall it.
So to fix my problem I just give everyone full access to the c:\windows\temp and we are good to go for sometime 3 months other one day only. The reason is that the everyone group just disappear from there and I have to add it again.
Nobody other than me has access to the server so I can confirm that there is no other admin or user changing this.
Any idea what's going on? The Maximizer run on Terminal server 2012
I have a problem with Maximizer software that if everyone group does not have full permission to the c:\windows\temp on the server it will not work. I called Maximizer and they don't even know about this. They keep asking to reinstall it.
So to fix my problem I just give everyone full access to the c:\windows\temp and we are good to go for sometime 3 months other one day only. The reason is that the everyone group just disappear from there and I have to add it again.
Nobody other than me has access to the server so I can confirm that there is no other admin or user changing this.
Any idea what's going on? The Maximizer run on Terminal server 2012
A customer called a number claiming to be HP and spoke to someone who ran LogMeIn onto his PC, logged in, and told him that his computer has been the target of hacks and that people "in another state are using his computer to launch attacks." Anyways, I logged onto his computer, did a full virus scan, reset his Windows Firewall settings, ran SFC, and checked all his startup programs and nothing come up unusual. Is there anything else I can do to verify that there's no damage or back door left on his PC?
How to block unmanaged switches from network. I have already apply BBDU Guard on interface but where unmanaged switches attached port will not block. and in show spanning-tree interface detail command no BpDU received. So please help is required for block unmaanged switches fron network. Other than port security please
Experts Exchange got the opportunity to interview MalwareTech, the 22yr old who discovered the WannaCry kill switch. Check out his advice on security and future security threats, as well as his comments on the importance of tech communities.
Active 2 days ago
Once a customer called me and told our software tells him 'Hardlock not found' - after 10 minutes verifying everything (driver, service, client) was installed fine and running, just for fun and coz I was a little bit frustrated, I aksed if he really plugged in the hardlock - the customer was a bit surprised and answered "No, it's here, laying in front of me, on my desktop - do I have to plug it somewhere?"
Another time I sent a PDF docu to a customer - he answered with a mail asking me what to do with this PDF. I wrote 'just open it to read or print it' - he answered he doesn't know what 'open' means and asked me if it would be possible that I open the PDF and send it to him 'opened'.
And one of my favorites, allthough it wasn't directly me: Once surprisingly I heard my colleague (usually a relaxed guy) yelling loud into the telephone "NO! STOP! Stop EVERYTHING! DON'T TOUCH the mouse! DON'T TOUCH ANYTHING! When I tell you 'click', click EXACTLY ONCE with the LEFT mouse button! WHEN I TELL YOU 'double click', click EXACTLY TWICE with the LEFT mouse button! As long as I don't tell you anything DON'T TOUCH ANYTHING!!!"
Another time I sent a PDF docu to a customer - he answered with a mail asking me what to do with this PDF. I wrote 'just open it to read or print it' - he answered he doesn't know what 'open' means and asked me if it would be possible that I open the PDF and send it to him 'opened'.
And one of my favorites, allthough it wasn't directly me: Once surprisingly I heard my colleague (usually a relaxed guy) yelling loud into the telephone "NO! STOP! Stop EVERYTHING! DON'T TOUCH the mouse! DON'T TOUCH ANYTHING! When I tell you 'click', click EXACTLY ONCE with the LEFT mouse button! WHEN I TELL YOU 'double click', click EXACTLY TWICE with the LEFT mouse button! As long as I don't tell you anything DON'T TOUCH ANYTHING!!!"
Simple, centralized multimedia control
Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.
Does someone have experience with SaaS solution for network security management?
Active today
Hi Asher,
Welcome to Experts Exchange.
Do you have a project in mind that you need someone to work on for you?
If yes, check out our Gigs platform.
https://www.experts-exchange.com/gigs/
If you want to look at members on the site you can go to navigation menu > Browse > Members. There you can filter what type of expert you're looking for.
Welcome to Experts Exchange.
Do you have a project in mind that you need someone to work on for you?
If yes, check out our Gigs platform.
https://www.experts-exchange.com/gigs/
If you want to look at members on the site you can go to navigation menu > Browse > Members. There you can filter what type of expert you're looking for.
Hi Experts,
I am installing new wireless equipment at a very small motel this week. They have AT&T business internet and just want to provide an SSID and password/key to guests to connect. No splash screen or anything like that. They were originally using Netgear signal boosters that you plug into wall outlets, but customers stole them.
I told them I would only use pro-level equipment, so I have ordered 2 UAP-AC-PROs and the Ubiquiti 8-port 60w PoE Switch for 12 rooms. Eight rooms are in a 2-floor building, four on each floor and the other building is just four rooms on a single floor. I plan to install one AP on the ceiling in room 3 (middle, bottom room) of each building, including the two floor building. The rooms are small so I think this will suffice.
Questions:
Do I need to order a security device or new router? Can I use the AT&T provided router and connect it to the Ubiquiti PoE switch and configure the WAPs using the Ubiquiti controller software installed on the office PC? And will that software without a security device or new router be able to provide two SSIDs?
The owners are trying to save money (of course!) so I wanted to see if any other gear was necessary. It appears that the solution I've provided will do the trick, but it is not ideal security-wise. Any advice is appreciated!
Thanks,
Rich
I am installing new wireless equipment at a very small motel this week. They have AT&T business internet and just want to provide an SSID and password/key to guests to connect. No splash screen or anything like that. They were originally using Netgear signal boosters that you plug into wall outlets, but customers stole them.
I told them I would only use pro-level equipment, so I have ordered 2 UAP-AC-PROs and the Ubiquiti 8-port 60w PoE Switch for 12 rooms. Eight rooms are in a 2-floor building, four on each floor and the other building is just four rooms on a single floor. I plan to install one AP on the ceiling in room 3 (middle, bottom room) of each building, including the two floor building. The rooms are small so I think this will suffice.
Questions:
Do I need to order a security device or new router? Can I use the AT&T provided router and connect it to the Ubiquiti PoE switch and configure the WAPs using the Ubiquiti controller software installed on the office PC? And will that software without a security device or new router be able to provide two SSIDs?
The owners are trying to save money (of course!) so I wanted to see if any other gear was necessary. It appears that the solution I've provided will do the trick, but it is not ideal security-wise. Any advice is appreciated!
Thanks,
Rich
I understand the exposure of having a public facing website with username root.
So, I have created a new username and changed my WordPress site to use that new username.
Shall I delete the "root" username?
Thanks.
So, I have created a new username and changed my WordPress site to use that new username.
Shall I delete the "root" username?
Thanks.
I have a DVR system for my IP camera systems and I have a sonicwall firewall. I need to access my dvr through my public IP address while out of office. I did the following steps:
Creating the necessary Address Objects
Then I did
Creating the appropriate NAT Policies which can include Inbound, Outbound, and Loopback
Then I did
Creating the necessary Firewall Access Rules
then
I did these steps and still cant access the DVR system when outside my network.
Creating the necessary Address Objects
Then I did
Creating the appropriate NAT Policies which can include Inbound, Outbound, and Loopback
Then I did
Creating the necessary Firewall Access Rules
then
I did these steps and still cant access the DVR system when outside my network.
Our current McAfee NIDS is going to be EOSL soon so we're considering
whether to upgrade to Intel McAfee's Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?
It's a perimeter NIDS (not internal network NIDS)
Kindly assess in terms of
a) performance : with dedicated NIDS, it won't affect firewall's performance?
b) however, dedicated NIDS, need an extra console? Lack's integration with
firewall (to block bad/malicious source IP ??) ?
c) any other ... ??
I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?
whether to upgrade to Intel McAfee's Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?
It's a perimeter NIDS (not internal network NIDS)
Kindly assess in terms of
a) performance : with dedicated NIDS, it won't affect firewall's performance?
b) however, dedicated NIDS, need an extra console? Lack's integration with
firewall (to block bad/malicious source IP ??) ?
c) any other ... ??
I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?
The product will come with its' operating system only , for training, does palo alto offer the service 30 days evaluation (like Microsoft) when expire you have to re-install it again.
Abstract Network traffic is volume of data moving across the system at any given time. The traffic encapsulates in packets to provide load, it effect organization network resources by assisting to ensure good quality in service. Data is important resources of any business organization; its security
Hi,
Can anyone help in identifying why once my vpn client enabled. I can ping all other internal IPs except 192.168.4.1(interface DatabaseZone) and 192.168.3.1. My vpn client assigned 192.168.5.100 which is in the range ov VpHi,
Can anyone help in identifying why once my vpn client enabled. Cant ping any of internal IPs configuration like 192.168.4.1(interface DatabaseZone) . My vpn client assigned 192.168.5.100 which is in the range of Vpnclients object-group configuration.nclients object-group configuration.
here attached output from "show vpn-sessiondb detail remote"
vpn-sesssiondb-detail.txt
Can anyone help in identifying why once my vpn client enabled. I can ping all other internal IPs except 192.168.4.1(interface DatabaseZone) and 192.168.3.1. My vpn client assigned 192.168.5.100 which is in the range ov VpHi,
Can anyone help in identifying why once my vpn client enabled. Cant ping any of internal IPs configuration like 192.168.4.1(interface DatabaseZone) . My vpn client assigned 192.168.5.100 which is in the range of Vpnclients object-group configuration.nclients object-group configuration.
here attached output from "show vpn-sessiondb detail remote"
vpn-sesssiondb-detail.txt
Hello,
we woud llike to configure firepower 2100 in our datacenter, here is our plan:
We do the cabling from our Router to Firepower 2100(IPs) , and the do cabling from Firepower2100 to our network switch. We monitor incoming and outgoing traffic on Firepower port.
Is it the proper design?
we woud llike to configure firepower 2100 in our datacenter, here is our plan:
We do the cabling from our Router to Firepower 2100(IPs) , and the do cabling from Firepower2100 to our network switch. We monitor incoming and outgoing traffic on Firepower port.
Is it the proper design?
Ready to trade in that old firewall?
Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!
Hello experts, I have a client running Server 2012 with 10 client PCs, the Symantec anti virus flagged up a dodgy file this morning, it blocked it but it prompted me to investigate. I found that one of the client PCs shows logon activity using the computername$ account at about the same time as the file was found, and later on the server computername$ account. The system is using a draytek router, which had Remote desktop enabled previously, this has been turned off since January but when I checked the firewall, port 3389 was still enabled. I have disabled that and rebooted the router. I am currently only using VPN as remote access.
So far, all appears OK on the system. My question is regarding the $ accounts, I was aware of them but never used them, can they be used without a password to gain full access, is there anything that can be done to guard against this?
So far, all appears OK on the system. My question is regarding the $ accounts, I was aware of them but never used them, can they be used without a password to gain full access, is there anything that can be done to guard against this?
We want to implement some sort of WEB security filtering for group of remote offices. We have two things on the table for us to consider.
1. Cisco NGIPS (Firepower), and management center.
2. Websense
I used Websense in the past. Users who try to open up bad web links from their email or web browsers, they are not able to do it.
I am not familiar to Cisco Firepower. Does someone know if it does the same thing as Websense? What are their major differences in a high level perceptive?
Please advise.
Thanks.
1. Cisco NGIPS (Firepower), and management center.
2. Websense
I used Websense in the past. Users who try to open up bad web links from their email or web browsers, they are not able to do it.
I am not familiar to Cisco Firepower. Does someone know if it does the same thing as Websense? What are their major differences in a high level perceptive?
Please advise.
Thanks.
Hi,
Anyone knows if there are any Windows base honeynet environments which one can easily download and configure accordingly without the need to setup everything from scratch? I have heard about KF Sensor but have yet to test it out. Maybe someone knows a library of VMs illustrating different honeypot server roles which can be deployed with some guidelines? Thanks in advance.
Anyone knows if there are any Windows base honeynet environments which one can easily download and configure accordingly without the need to setup everything from scratch? I have heard about KF Sensor but have yet to test it out. Maybe someone knows a library of VMs illustrating different honeypot server roles which can be deployed with some guidelines? Thanks in advance.
I just had it happen *again*. /opt went to 100% and management services croaked and wouldn't restart.
After rebooting the OS I was able to acs-config and run acsview replace-cleandb. This will make things
good for a few months. I only keep like three months of logging and show acs-logs didn't appear to have
that much in it anyhow. How do I prevent /opt from filling up and stopping services?
After rebooting the OS I was able to acs-config and run acsview replace-cleandb. This will make things
good for a few months. I only keep like three months of logging and show acs-logs didn't appear to have
that much in it anyhow. How do I prevent /opt from filling up and stopping services?
Hi guys,
I need some inputs from you guys so that I can set up my DMZ Lab. I have added a 2nd SME Mail Server in my DMZ and I also have my Web Server. In my Internal Network, I have my 1st SME Mail Server and AD/DNS.
I am using a pfSense Firewall with 3 NIC. I did some Port Forwarding so that my WAN users can access my Web Server.
Adding a 2nd SME Mail Server in the DMZ so that all Mails from outside or WAN will be forwarded in DMZ.
Internal Network users can send email and receive. I don't have idea and I want to understand how to do this.
Can please anyone help me ?
Thank you so much
Novice
I need some inputs from you guys so that I can set up my DMZ Lab. I have added a 2nd SME Mail Server in my DMZ and I also have my Web Server. In my Internal Network, I have my 1st SME Mail Server and AD/DNS.
I am using a pfSense Firewall with 3 NIC. I did some Port Forwarding so that my WAN users can access my Web Server.
Adding a 2nd SME Mail Server in the DMZ so that all Mails from outside or WAN will be forwarded in DMZ.
Internal Network users can send email and receive. I don't have idea and I want to understand how to do this.
Can please anyone help me ?
Thank you so much
Novice
I'm quite new with Firewalls and need some quick configuration tips, make zywall up and run with some basic open ports browsing, email (port 995), chat, youtube. Would like to know what do I get out-of-the-box when I start and switch on for first time my new Zywall usg100
Network Security
6K
Solutions
8K
Contributors
Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.
Top Experts In
Network Security
-
1
masnrock14,708 points -
2
btan13,475 points -
3
noci3,400 points -
4
Predrag3,200 points -
5
Lee W, MVP3,156 points -
6
LegendZM2,664 points -
7
McKnife2,500 points -
8
myramu2,000 points -
9
James H2,000 points -
10
Shaun Vermaak2,000 points -
11
Davis McCarn1,800 points -
12
robocat1,800 points
-
13
Teksquisite1,554 points -
14
Garry Glendown1,472 points
-
15
David Johnson, CD, MVP1,300 points -
16
Jackie Man1,300 points -
17
viki20001,048 points -
18
Thomas Zucker-Scharff1,048 points -
19
nobus1,000 points -
20
Austin Texas1,000 points -
21
Olaf Doschke1,000 points -
22
J Spoor1,000 points -
23
Patrick Bogers1,000 points -
24
Ajit Singh1,000 points -
25
Mlungisi Ndlela1,000 points