Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

There are 2 mac pc on my network which are not provide from my company .
All the pcs which are provided by my company had installed the esset antivirus .

The esset antivirus detect tcp attack by these 2 pcs.  The problem is that since the esset is not install to these 2 macs  
i don't know if there is any malicious program to these 2 macs or if the mac use something which is not recognized by the esset .

I need any advise how to manage this issue
0
Learn Ruby Fundamentals
LVL 13
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

We've got an issue, an IIS web application can't access a file on a shared drive.
The app pool credentials are the same as the desktop user credentials we are logged in to the server's console. The account is a domain user account and also an administrator on this web server (it's an intranet server). The anonymous authentication is set to "application pool credentials".
From the windows UI the shared path is fully accessible both via an UNC path and mapped drive, but running from the web app we are getting an "LOGON FAILURE"  in the Process Monitor log.
I tried to create a virtual directory pointing to that shared drive, but IIS can't access the web.config neither, displaying a 500.19 server error with a error code 0x8007052E

I don't understand, what could prevent a domain account to access a shared folder on another machine in the same domain just because it is being running from an IIS process?
0
hi am not able to connect to my via ftp but i can ping my vm am using winscp my vm is in linux ubuntu my host is window 10
host
0
Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks
0
I have a WatchGuard M370 Firebox with L2TP and IPSec.  My users login to the firebox and then to a terminal server or in some cases their desktops. It's basically a 2 factor system, they login to the firebox and then to the server - I want to keep that.   I have a bunch of users who take home laptops and work at home and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN.  My VPN is a dmz so it's not actually part of the network,  however, if you type and IP address chances are you'll get where you need to go.  SO for example my home users connect to a terminal server in the DMZ.  They are using Laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails.  I want to try to avoid this.  Is there a way to do it?
0
Dear Guru, we would like to mitigate the DDos attacks on Sophos XG firewall however not sure how to fill these parameters. Can you kindly suggest and explain? How to make sure that we did not drop legit sessions?

Capture.JPG
0
Dear Experts
We have to deploy mail server on-premise for which we have thinking to go for microsoft exchange server.
my network consists
•      server virtualization -vmware infrastructure.
•      two ISP’s for high availability and windows AD for user management.  
•      CISCO ASA with FMC  
The user base we are looking for email server is too small that is 25 users. please suggest the email security solution that we should be considering  please recommend few best products for the email security. thanks in advance.
0
I am upgrading our Network and wanted to see if I am thinking properly.  I want to utilize 2 Different firewalls with a shared DMZ Zone.  Below is the configuration I am thinking about deploying.  I am using fictious IP's.

Internet
---------------------------------------------
Router IP - 50.50.50.1
--------------------------------------------
Firewall 1 WAN IP - 50.50.50.2
Firewall 1 DMZ IP - 10.0.0.1
---------------------------------------------
Server with Dual NIC's
Firewall 1 DMZ Server IP - 10.0.0.2
Firewall 2 DMZ Server IP - 10.0.1.2
---------------------------------------------
Firewall 2 DMZ IP - 10.0.1.1
Firewall 2 LAN IP - 192.168.0.1
---------------------------------------------
LAN Network

Firewall Rules
Firewall 1 WAN Allow Firewall 2 LAN
Firewall 1 WAN Allow Firewall 1 DMZ
Firewall 1 DMZ Block Firewall 2 LAN

Firewall 2 LAN Allow Firewall 1 WAN
Firewall 2 LAN Allow Firewall 2 DMZ
Firewall 2 LAN Block Firewall 1 DMZ


What do you think?
2-FW-DMZ-Diagram.pdf
1
Hey all,

With the increased threat of threats out there, I am wondering if I am doing enough for my clients and would like some sort of input as to what I should be doing more of to combat the threat of cybercrime

My usual Firewall install for a client is a Sophos XG with Threat protection, IPS & AV enabled with SSL VPN setups for people accessing the network. I suppose I am one of those people who want to make sure I have done everything to protect a network and want to ask a stupid question.. when it comes to RDP brute force attacks, if we don't have any WAN>LAN rules to open RDP ports, are we safe or do we need to physically go in and disable RDP protocol on every machine.

I know the threat has been around for ages but I need to get some clarification on this so any serious answers accepted, please.
0
Dear Experts
I am looking for few core points for ISMS objectives for IS027001 can you please on each of the section that it contains please. thanks in advance.
0
Starting with Angular 5
LVL 13
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

I know encryption decryption mechanism for a typical HTTPS based communications.

However, Failed to understand the how chemistry between below 2 blocks works  
{private&Public key} ---vs-  {SSL certificate }

Please advice
0
I have an oracle HTTP server 12.3.1 which is based on Apache 2.2 running on RHEL 7.4 machine.

I use it to run a web oracle database application via mod_plsql.

It has been running fine for years.

Last week users started reporting outage and very slow reponse time.

I found out that this happens when the number of connections goes from 50 to several hundreds. See attached list.
This was as a result of foreign IPs running a scanner or Sync DoS attack. Security does not admit this is
a DoS attack but more of a public scanner that always run on most sites.

The traffic coming to my web server goes through an IDS, Load Balancer, Palo Alto Firewall, WAF and then my web server.

We added a rule on firewall to block all internation Ip but a few hours later I found a scan started from an IP in california.

Security claims they cant prevent these scanners to scan the public site and that I should fix the issue on web server by hardening or tuning the Apache server.

MY web server has 16 GB RAM. I upped the MaXCLients for Apache from 150 to 450 and added SYN_COOKIES to the linux machine.
I dont know if this will provide protection yet or not.

My questions,

1) Is what security say correct? Should not the SYN flood attacks be blocked on the IDS or firewall device?


2) what can i do for tuning in Apache to solve this problem and prevent of connection overload to hang the server?

3) Could it be that RHEL or Oracle web server is not killing open connections …
0
I have some security industry certifications, CEH, Palo Alto, Comptia CASP and security + and wanted to know what GIAC certs are most marketable.  I understand that this will also be affiliated with what my present position is and what my future position will be as well...
But I wanted to, in general, know which GIAC cert is most valuable. My current position is at a SOC for a financial company where I do security operations.  I'm also enrolled in a MS for cybersecurity as well.

Thanks for your input.
0
I have the following network and wanted to get your opinion, from a security/network point of view as to what is wrong and what to do about it.security issue
1
What are some services or applications that would be recommended to mssp's so that they can have 2fa on their windows logins and their domains? That way we can provide an extra level of security to ourselves and our clients.
0
hi guys,
i got a watchguard and azure cloud server.
got a branch office vpn gateway/tunnel confiugred between watchguard and azure server. and all works good for local users within watchugard network.


now am trying to create a mobile ssl vpn in watchguard for remote users, so they can connect to local network of watchguard and connect to cloud server. - but mobile vpn works:can connect to all local devices but could not reach cloud server... i know am missing some config or routes to connect mobile vpn and brachoffice tunnel vpn and also config in server to reach mobile ssl vpn back ?  ?? is this anyone done before or any ideas ?
0
Hi,

We have a Motorola security camera that we are trying to setup and connect to our WiFi.

This device needs WiFi but when we go to connect it to our WiFi, the camera does not pick our WiFi up.

The supplier has said that the camera can't connect to WiFI if it is not secure (has no password).

We do not wish to secure our WiFi at this moment as doing so would effect all devices connected to it and take time to connect with secure passwords.

Is there anything we could put between our WiFi and our camera as it needs secure WiFi.

Thanks,
Robbie
0
We had our guests' Wi-Fi network appear to be available with the same name and with "_A8" added to it. Users did not notice and tried connecting to it and connected to it. Only when I noticed they told me that its been a while there. I connected to it and checked connected device and discovered the booster. Can't remember the make and model now, but remember that it was Chinese brand I haven't heard of and it was the one you plug into the electricity socket and it picks up Wi-Fi and boosts it. I guessed that booster's login (admin and admin or something like that). I logged in there and disabled it. Did not think much about it because it was our guests' Wi-Fi which was separated from our main network by vlan. We set up new Wi-Fi straight away with new super long password and WPA2. I asked users to let me know if anything suspicious happens.
Last week users reported that the Wi-Fi with _A8 appeared and this time it is the new Wi-Fi with _A8. Not really sure how that happened. Users reported that they did not connect to it yet nor they did try to connect (difficult to say that this did not happen for 100%).
Normally we do not give out Wi-Fi password even though it is for guests as we do not have that many customers visiting. Users do not remember anybody asking for Wi-Fi password recently. hard to say for 100% when this new Wi-Fi with _A8 really appeared.

I need your help with:
1. How could this happen? We always use WPA2 encryption and the fact that the booster was …
0
Hi I need to open inside to outside tcp ports 4105,4117 and 4118 for my watchguard to go out through my Cisco2911 -K9 router.

How do I do this in CLI?

I have tried
Extended IP access list 120
    10 permit tcp any eq 4105 any eq 4105
    20 permit tcp any host "external IP" eq 4105
Extended IP access list 121
    10 permit tcp any eq 4117 any eq 4117
    20 permit tcp any host "external IP" eq 4117
Extended IP access list 122
    10 permit tcp any eq 4118 any eq 4118
    20 permit tcp any host "external IP" eq 4118


Thanks in advance
0
Angular Fundamentals
LVL 13
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

Hi,
I want to have one shared place to path of CentOs 7 machine, like the below. How?
\\113.255.213.124\tmp
0
I have 20 Dell Optiplex 7050 Windows 10 computers all patched up and working without issue.  All computer use SonicWall CaptureClient and also MalwareBytes Endpoint Protection.  Some computers have wired keyboards and others have Microsoft Comfort Wireless Keyboards/Mouse 5050 connected.  I have enable group policy Screensavers (Ribbons, Wait 15 min, checked on resume, display logon screen).  All users are setup as normal users without local admin rights.  Same hardware and software installed on all computers (no deviation).

However, I have (2) of these computers that do not lock the computer after 15 minutes of inactivity.  They just will not lock at all even if left alone all day/night.  One of the two computers has a Microsoft wireless keyboard/mouse 5050 combo and the other uses wired keyboard/mouse.  

I have been unable to figure why these (2) computers will not lock even though its setup to do with group policy.  Not sure what can be done to fix it either.
0
We've started doing some PenTesting in our environment with KaliLinux and utilizing Metasploit as well.  Since this is an internal test, we are going with a segmentation approach, but I wanted to know what would also be recommended for our small company.  We have less than 1k users and smaller sites.  We're also planning on visiting the sites and doing site surveys in the near future.

Thanks for your thoughts and suggestions.
0
My current setup is this- I use a Watchguard firewall.
Interface 0 is external.
Interface 1 is trusted-192.168.1.1/24
Interface 2 is trusted-192.168.3.1/24
There is a VPN to another office that is 192.168.2.1/24

Our phone system is 192.168.1.5
If I plug a phone into the .2 network the phone will connect up without an issue.
If I plug a phone into the .3 network the phone will NOT connect up.

I assume there needs to be a policy in place to get the two to talk. I am unsure of what the policy needs to be.
0
When using a Synology NAS with Photo Station and you want to see your photos remotely, which ports should be opened on your router?
0
What are some security protocols that a company should take as far as daily checks related to security? Trying to create a template for my company and was curious what would be suggestable protocols to run every day, weekly, monthly,bi-monthly?
0

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.