Dear Experts

I am looking for the best practice network design to connect 03 offices which is 3 different locations with secured links with redundant links. Below explained
Data center where business applications are hosted in the location 1 here the business applications which are web-based applications, windows AD for authentication, file server, email server are maintained, cisco 1010 FTD and Cisco FMC is in place and two ISP’s.
Location 2 which is far of distance is going to be connected to location 1 data center with MPLS VPN link and for redundancy broad band link planning for SD WAN solution. Finalized and implementation is in progress.
Now that all the employees who were so far working in location 1 that is at data center location to be shifted to the location 3 which is of little distance from location 1.  However, we are not shifting data center and our employess are of 20 users who is going to work from location 3 and they have to login for authentication to location 1 where the windows AD and file server for their document store and business application they use CRM.
1.      Please suggest the best network design to connect location 3 to location 1, should I have to plan for MPLS VPN as one link and secondary link as leased line and use SD WAN solution here or any other best practice please.
2.      How much bandwidth would be needed between location 3 to location 1 for web-based and store documents in the folder
3.  as we have 20 users is it required to setup …

Hi All,

We use WatchGuard Friebox as our firewall. Last couple of days it has detected and blocked a relatively high for us(1oo hits) of activity it labels as MASSCAN Activity. I have traced this back to a handful of IP addresses. These tried to attack a couple of our web server that we have to publish on the internet. Only ports 80 and 443 are open on these connections.

Is there anything etc I can/need to do to help stop this activity, or is it one of those things I have to live with as long as WatchGuard is blocking it.

Cheers,
Paul

We get an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally,
  IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-
  attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers & compromise of their PCs will risk compromising
the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each
departments from each other:

a) the main exposures are from "Internet surfing" & emails access (lots of malicious attachments,
    phishing, spam emails seen in email gateways) besides USB ports

b) all other users belong to same trust domain as they read emails & surf internet (yes, the
     sysadmins are encouraged to surf internet on PCs not used to surf Net & read emails)

c) for workstations used for Industrial Control Systems/Operations Tech, they don't have email
    access & Internet surfing &  have been rightfully segregated as per existing set-up

d) To prevent lateral attacks, EDR, AV & email security (forwarding of malicious emails to
     other colleagues) are in place with SIEM for detecting such events in the pipeline

e) if we were to segregate every departments (eg:…

How can I lower the Java Security Rules for internal networks only?

Currently our users are needing to manually enter an internal web address in their Java Exception list.  I have been charged with trying to make the process more automatic for our users.  Specifically to allow all URL's for internal web addresses to allow the Java Applet.

I did find a way to create an Exception list for the computer:  https://community.spiceworks.com/how_to/123766-java-site-exceptions-list-and-certificates-for-all-users

but, this option takes away the user's ability to have their own list or to add the web sites that they want and the list will be managed by the local administrator.  Equally important, if I used the above mentioned web page documentation then it will overwrite any Java exception list that the user already created.  We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java Security level then external web addresses?  TO actually allow Java to be run on those internal web url's.

We've got an issue, an IIS web application can't access a file on a shared drive.
The app pool credentials are the same as the desktop user credentials we are logged in to the server's console. The account is a domain user account and also an administrator on this web server (it's an intranet server). The anonymous authentication is set to "application pool credentials".
From the windows UI the shared path is fully accessible both via an UNC path and mapped drive, but running from the web app we are getting an "LOGON FAILURE"  in the Process Monitor log.
I tried to create a virtual directory pointing to that shared drive, but IIS can't access the web.config neither, displaying a 500.19 server error with a error code 0x8007052E

I don't understand, what could prevent a domain account to access a shared folder on another machine in the same domain just because it is being running from an IIS process?

Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks

Hi All,

We use WatchGuard as our firewall and have Dimensions setup for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer either ftp, or web/app based such as dropbox etc?

Can this be done / how best to view this info or set this up?

Cheers,
Paul

I have (2) Watchguard M270's configured in a firecluster.

Interface 0 is the External interface configured with a /28 block.
Interface 1 is the LAN

We have consumed all of our IP's so I ordered another /28 block from our datacenter today. As soon as I configure Interface 2 for our new IP block, outbound traffic for the most part ceases to work on our network, however some things do work.. so we'll call it intermittent. As an example, I can ping out to 4.2.2.2 but can't ping 8.8.8.8. As soon as I disable Interface 2 that is configured for the new IP block, I am able to ping 8.8.8.8 again.

I'm assuming this is because we now have 2 WAN interfaces configured and outbound traffic doesn't know which interface it should be sending traffic out on but I couldn't be sure. I've made 4 calls to Watchguard support and nobody can identify the problem. I even had our datacenter issue us a different IP block just to rule out any kind of odd conflict but the problem persists with a new IP block.

Am I going about this all wrong trying to have 2 IP block's configured on our Watchguard? Is the better solution to just order a bigger block of IP's and re-IP everything? I was trying to avoid that hassle by just adding an additional block of IP addresses but it seems that what I'm trying to do here isn't working..

I would appreciate any advice or input that someone could give on this. Thank you!!

Hello,

My site has not stopped planting for a while.
I was advised to check my logs and I see that there is this IP 150.918 times in my logs from 00:00:07am to 12:36:01am


what do you advise me to do?

I added this Deny from 104.248.248.206 to my .htaccess but ip continues to show...

Thank you for your advice,
Jaber

Two separate businesses using the same domain name have now merged into one.
This is the first time I've ran into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers. Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC, However 2012 doesn't see 2008 as a DC. They are now on different networks, but recently was configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove 2012 DC from 2008 to stop attemping replication and at the same time continue to operate both under the same domain names, but seperate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …

hi any document or link where explain which security policies apply or create documentation of security policies

I have a huge number of messages in my VPN router LAN access from remote. And I do not know where are they coming from. No email server is setup, it does not seems to have any games on it. the only thin I have created a port for RDP  and forward that port so I can access the server from ouitside

Please advice

Hi Experts,

what is difference b/w source-nat and destination-nat? i believe source nat is just hiding your internal IP behind the public IP address, and destination NAt we use in mainframe system or headless devices that do not have a default gateway. this concept driving me bananas. i really appreciate your clear answer.