Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

In this article, we’ll look at how to deploy ProxySQL.
0
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Compliance and data security require steps be taken to prevent unauthorized users from copying data. Here's one method to prevent data theft via USB drives (and writable optical media).
1
 
LVL 96

Author Comment

by:Lee W, MVP
Comment Utility
Ok, thanks!
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
Comment Utility
Thanks for sharing the great article.
0
DDOS Threats!
Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
1
In this blog we highlight approaches to managed security as a service. We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
0
keylogger
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
4
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and information against these types of occurrences.
0
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.

How it Works


fake gmail login screen- phishedThe attack works by targeting a victim’s contact list and sending out authentic looking phishing emails. When this forged email is opened and the attachment clicked, a page appearing to be the Google log in portal opens.

Once the victim submits their credentials into the site, the hackers start crawling the victim’s inbox. These crawlers look at previous subject lines and attachments for contextual relevance to copy.

A screenshot is taken of a previous attachment and a new message is composed. This screenshot becomes the entry way into the phishing Gmail login page. The subject line is then pulled from a previous email that would be relevant to the attachment.

The new version of the email is sent to all the victims contacts, and the attack starts again. The use of previous subject lines and attachment, help to make the hacker’s email look very genuine. This technique has tricked many users into opening the infected attachment.

One of these emails is described by a commenter on Hacker News,

“[The hackers] went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a
0
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance.

A concise guide to the settings required on both devices
1
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
0
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
3
Plug and play, no additional software required!
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to get better.
3
threat model
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
1
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
Hi Shakshi

Thanks for your submission.  889 words, completely original content, and reads fairly well.  The technical aspects of this article seem pretty solid, but I'm going to send this back to Draft / Author Review for some general readability editing.  When you're done go ahead and resubmit and I'll review from there.

Please separate paragraphs with a blank line, as without that an article can resemble a 'word wall' where everything jumbles together and can be difficult to read.

>fruitful dispatch, inculcate, buttonhole, the prerequisite in a venture, Addedly, ingressed, environ
These words are rarely used and may confuse people.  Keep in mind that if these are local slang than it might not translate well to a global audience.  I can appreciate that you're trying to tell a story and be somewhat entertaining in the process, but just make sure you don't lose people in the translation.

>as it were, Addedly,
There are some phrases here that do not add value and can be deleted.

>Now let's take a brief about what Threat modeling is: Threat modeling does not include
Please define something by what it is, not what it is not.  The 'is not' stuff can always be added later.

>STRIDE & DREAD.
If terms are going to be introduced but not defined please at minimum provide a link to a definition.

Please provide a conclusion.

Feel free to self-promote in the 'About the Author' section, especially if you have other publications that readers of this one may be interested in reading.

For a lot more recommendations on how to score maximum points on articles check out Top 10 Ways To Write Rock Star Technical Articles

Thanks in advance.  I look forward to seeing this as a finished product.
Jimbo
0
cybersecuritty
Read about achieving the basic levels of HRIS security in the workplace.
1
 
LVL 5

Author Comment

by:Oscar Waterworth
Comment Utility
It was a mistake, thanks for having such a keen eye.
0
Cyber or not!
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
3
cloud
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our businesses and ultimately lives.
0
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
3
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
4
 
LVL 12

Expert Comment

by:William Nettmann
Comment Utility
The Quagga is on it's way back - maybe the password will survive as well!
0
 
LVL 6

Author Comment

by:Teksquisite
Comment Utility
Thank you all for your comments = passwords must die!
0
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
7
 
LVL 17

Expert Comment

by:Kyle Santos
Comment Utility
Good job.
0
 
LVL 6

Author Comment

by:Teksquisite
Comment Utility
Thank you Kyle :)
0
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
3
 
LVL 6

Author Comment

by:Teksquisite
Comment Utility
Good grief the submit button was way at the bottom!
0
 

Expert Comment

by:SINC_dmack
Comment Utility
The connection between a smart phone and an email server should always be SSL encrypted.  It doesn't matter if the wifi connection is insecure, as the 2048-bit (or higher) level of encryption used by the mail server's SSL certificate is more than sufficient to keep hackers out.  If a hacker was able to intercept Steven Petrow's email and/or mail server credentials, it is because the mail server itself was inadequately secured, such as if it was a legacy unencrypted POP3-based server.  

The onus for that lapse lies with whoever is responsible for determining what is acceptable for the mail server's configuration, and on the user for relying on such an insecure method for using email.  All of the major free email providers (Gmail, Yahoo, Hotmail) provide encrypted connections, and so do properly-configured Microsoft Exchange servers.  But people using fly-by-night "100 mailboxes for $20 per month" or whatever services may well not have any encryption.  Where people can really run into problems is if they use insecure email services AND use the same password for other services.  For example, if Steven Petrow had used the same credentials for his email and for his credit card website, a hacker who got the email credentials could have sniffed his wifi traffic to see what credit card website Steven went to, and then attempted to use those credentials there.  But since the credit card website would be SSL encrypted, if Steven had used different credentials for email and the credit card website, then the hacker would have, at best, just been able to see that Steven was going to a credit card website, but not intercepted his credentials or any data sent or received to that website.

Sure, a VPN will alleviate the problem of having an insecure email server (and it's never a bad idea to have an extra layer of encryption), but who is going to start up a VPN every time they want their phone to check their email?  Pretty much nobody.  Rather than advise people to take a bunch of steps that ought to be unnecessary, suggest that they ensure that any services they access over the internet are properly SSL-encrypted.
0
10 Questions to Ask when Buying Backup Software
LVL 4
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
9
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address.

There is a new bug in BIND, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1 and BIND 9.10.2-P2.

Basically, anyone can stop your BIND service (named), effectively shutting down your name resolution.

So if you administer name servers using BIND, you need to update NOW.
Unfortunately, that means you cannot wait for binaries for your distribution to become available, you need to install from source.

Problems:
  1. You need to install a development environment in your DNS servers
  2. Configuring and compiling can take a long time, using resources
  3. You need to uninstall the current packages, without losing your zone files and named config, including startup scripts.

My solution: configure a test server, configure, compile and install the new version of BIND from source, then copy all the files to the production servers. This way you disrupt the service for 20 sec max.

Caveat: all servers should run the same distribution and packages.

My servers all run Debian 7.8, with minimal packages installed, to reduce attack vectors.

Technique:
1. Create a test server (either from scratch, or by cloning one of your production DNS servers).
2. Prepare the build environment
test-server:apt-get install build-essential libssl-dev

Open in new window


3. Download and extract the package:

Open in new window

0
 
LVL 35

Author Comment

by:Dan Craciun
Comment Utility
0
In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats that revolve around your software and other applications. These threats can greatly affect your work and bring downfall to your business. This is the reason why you should seek the service of a reputed web application external penetration testing services company. It will help you ensure the security of your firm's network.

Unlike other manual security systems, external penetration testing services provided by a professional help you analyze your network vulnerabilities in a comprehensive manner. You can get rid of all the vulnerabilities with the combination of scanning tools and various other methods of manual penetration. These tools are designed specifically for preventing your system from any sort of data theft or identity theft.

Using penetrating testing tools will help you determine the extent to which your data or information can be compromised or in a position of vulnerability. There are end number of web application penetration testing companies that bring forth different types of tools and techniques for identifying and analyzing the common threats that can occur while using any online platform.

The penetrating testing process involves assessment of the network security and computer by imitating an attack on your…
4
A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion.  The one I decided to trial was called 'LastPass'.  It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.



What is a Password Manager?
A password manager is a program that helps a user to better manage and organise their passwords for online accounts.  Most Password managers store your passwords and then encrypts them.  The programs then require the user to enter a Master Password to decrypt them before they can be access.

What is the benefit of having a Password Manager?:
If you’re anything like me you will have lots of online logins, then over time this can become difficult to manage.  I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.
Using a Password Manager takes away this problem.  All you have to do is remember the one password and the program …
4
There is a question posted at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html and in the comments someone asked if there are any Public Certificate Authorities (CA) that issue directly off the Root CA Certificate. The response was:

"There are plenty... 

Digicert, Verisign, Thawte, Comodo, to name a few."
This is incorrect, Public CA's are required to follow strict rules set in place by the CA Browser Forums and the Root Deployment programs of developers (e.g. Microsoft, Firefox or Apple).

CA Browser Forum: https://cabforum.org/baseline-requirements-documents/
Microsoft: http://technet.microsoft.com/en-us/library/cc751157.aspx
Apple: https://www.apple.com/certificateauthority/ca_program.html
Mozilla: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/

Lets start off by Defining what a Public Certificate Authority is:

The CA Browser Forum defines a Public CA as "Public Certificate Authorities are companies or government agencies that have been …
2
 
LVL 15

Administrative Comment

by:Eric AKA Netminder
Comment Utility
Rob,

Congratulations; your article has now been published.

ericpete
Page Editor
0
There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level.

Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway level internet security device at every access point to your network. If you are in a small or medium-sized organization, where management is not willing to invest in IT (IT is a support system to their business, not their bread and butter) you need to give them a small presentation. If they have invested in security cameras and guards to prevent any unauthorized person from entering their premises, why would they will give unauthorized access to anyone to enter their network?

Explore the Internet, but don't expose yourself

Now you have your own firewall/UTM, so now you can prevent unauthorized to your network. While purchasing the firewall your procurement team has negotiated a lot and purchased the lowest quoted firewall and presented it to you. The vendor who has won this bid may have not-that-much-educated engineers, or the engineer sent to configure it is too much clever and configures the firewall in a very short span of time without asking you all the details of your network. So, it is your duty to know your network thoroughly and carefully.

The engineer came, asked you the public IP of ISP, asked you what you want to restrict, created some group, set up some group policies, showed you the bandwidth …
5
 

Expert Comment

by:Li HUANG
Comment Utility
Thank you     diprajbasu for the summary guild.   To restrict open port (s) ,  example only :80 to your remote ddns updater , how allow the router.map and ldap id you entirely  when as , the primary domain configure invalid at the router.format limited ? ( For a privacy : domain.com  format just input able as xxx.domain.com that of node.domain.com node default to where ? )   Can it be taken away by a device somewhere to be the domain.group ?   Hope to feedback Please .
0
 
LVL 1

Expert Comment

by:Rahul Sam
Comment Utility
Really great idea, There is one more precaution should be taken for network security by doing  penetration testing. As it is the best and most convenient way to find the vulnerabilities in network or websites.
0

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.