Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.

Need some elaborations on mitigations against Sea Turtle.

Refer to:
https://searchsecurity.techtarget.com/news/252461987/DNS-hijacking-campaign-targets-national-security-organizations?track=NL-1820&ad=927135&src=927135&asrc=EM_NLN_111884098&utm_medium=EM&utm_source=NLN&utm_campaign=20190424_DNS%20hijackers%20attack%20national%20security%20organizations%20and%20critical%20infrastructure

Q1:
"Talos suggests using a registry lock service, which will require an out-of-band message before any changes can occur to an organization's DNS record"
How exactly is this done?  Assume the DNS server is either a Unix DNS BIND or an F5 GTM

Q2:
"If your registrar does not offer a registry lock service, we recommend implementing multifactor authentication"
Is the line above meant to say the registrar (which I think is our local telco) needs to implement MFA for their admins to
log in to their DNS server, or is it us?  We do use our AD as a WINS/DNS server.

Q3:
"we recommend applying patches, especially on internet-facing machines"
We have Solaris 10 & Windows 2008R2/2016 facing the internet.  Can you point me to the specific applicable patches?

Q4:
Our threat intel gave the following 2 DNS names as SeaTurtle IOCs, so what are we supposed to do with them?
Ensure all endpoints don't use/point to them as DNS, or block them at the firewall, or can we get our secure DNS
providers (eg: Umbrella, Cleanbrowsing, QUAD) to do something at their end?
  ns1.xxx.com
  ns2.xxx.com

Q5:
The intel also gives a list…
0
CEOs need to know what they should worry about

Nearly every week during the past few years has featured a headline about the latest data breach, malware attack, ransomware demand, or unrecoverable corporate data loss. Those stories are frequently followed by news that the CEOs at those companies were forced to resign.

I want to perform network discovery in all private IP ranges. Which is the best method?
1. Which ranges should be scanned, and with what block size?
2. Which is the best tool to conduct this task?
I have Nessus Pro
Nmap
The tool should be fast and not generate extra noise or traffic on the enterprise network.
Thank you.
0
There are "Browser Isolation Software" on the market.
https://www.g2.com/categories/browser-isolation

I want to develop a remote browser that works as a proxy or works like RemoteApp.
How can I build such software with open source?
Do they use server-side rendering?

The components of the system are: browser on Windows PC --> Linux (web browser) --> Internet.

Any advice welcome.
0
Laptop (Supplicant) -------------------- Authenticator ------------ Freeradius server
  (Windows 10)            wired LAN             Switch                       (Version 2.1.12)

Configured the Windows 10 laptop to do 802.1X EAP-TLS authentication. Copied the certificates
generated by the FreeRADIUS server to the laptop. However, EAP-TLS authentication
is not initiated by the laptop (supplicant). No EAP packets are transmitted from
the laptop towards the switch. Also, the laptop does not respond to the EAP Identity Request
sent by the switch to the supplicant.

Is there any issue with the Windows version for EAP-TLS?
Is there any way to check logs/events to see what happens to the EAP Identity Request
packet received on the supplicant from the switch?
0
I have 3 Remote Desktop servers running Windows 2016. Users are experiencing the following: "Your roaming profile was not completely synchronized. See the event log for details or contact administrator".

The event log shows the following:

Windows cannot copy file \\?\C:\Users\ARA\System Volume Information to location \\?\UNC\Fileserver\Rprofiles\ARA.V6\System Volume Information. This error may be caused by network problems or insufficient security rights.

 DETAIL - Access is denied.

Any suggestions for resolution?
Regards, Rashid
0
We use our proxy to whitelist certain trusted sites only
(i.e. by default all URLs out there on the Internet are blacklisted).

We whitelist *.microsoft.com & the O365 URL, but these
URLs are further 'linked' to other URLs like
  outlook.live.com & a Skype for Business URL:
we need to allow/whitelist these (Skype for home/consumers is
not needed, it's only the 'business' one that's needed).

Is there a way to find out all the sub-URLs of the MS sites?
I think I've heard of a tool that could 'spider' or 'retrieve'
all sub-URLs within a site but can't recall the tool name.

Also, give brief instructions on how to use the tool.
0
Hello,
I have a captive portal that works under pfSense.
Is there any software for Windows and Android that can be installed to authenticate instead of using web browsing, like Sophos?
Thanks.
0
Hello everyone,


I have a Cisco ASA 5516 with two inside interfaces. One is for the customer LAN and another is for a few branch offices connected via a router that is connected to the 2nd inside interface (all those offices are in the same building, connected by a fibre-optic backbone). The customer is going to replace an old ASA 5510 where almost the same config already works.

The LAN network is 192.168.0.0/24, connected to 1/3 on the ASA.

The branch offices are connected to 192.168.2.0/24, connected to 1/4 on the ASA.

I want to be able to ping and have unrestricted traffic between them.

Currently I have a laptop connected to int 1/3 and another one connected to int 1/4, but no ping.

Someone please help!

Here's the configuration

ASA Version 9.8(2)17
!
hostname ASAFCHFW
domain-name mydomain.com
enable password $sha512$5000$pt2nRGQbSXA8K3vdow+Ztg==$kGNfDJREqQCQ+jO7m0bxmQ== pbkdf2
names
no mac-address auto

!
interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address x.x.x.131 255.255.255.240
!
interface GigabitEthernet1/2
nameif DMZ
security-level 10
ip address 172.16.31.1 255.255.255.240
!
interface GigabitEthernet1/3
nameif Inside
security-level 100
ip address 192.168.0.2 255.255.255.0
!
interface GigabitEthernet1/4
nameif Branch_Office
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no …
0
Dear experts,

One of my clients is working with a cyber security company and I want to get some ideas.

What is the difference between a PENTEST and a vulnerability test?
What tests should I perform on the servers?
What type of tests should I perform on the workstations and laptops?
0
Hi All,

We are looking at a way to control and monitor our internet usage. What we require is a way to block certain sites, such as porn, but also to notify when other site categories are accessed. We use a WatchGuard firewall with WebBlocker, which is applied to an HTTP proxy. We can set up an HTTPS proxy and apply WebBlocker; however, this will require a certificate to be installed on the client to work. No real biggie for our domain users. However, we have a number of third-party users who bring their own devices at a different physical location, and it will be very difficult to install the certificate / manage these devices as there is a high turnover of people / devices.

What is the best way to manage this? If via the firewall, how best to manage the third-party devices / certificate install? An Internet proxy? If so, any recommendations? For the third-party devices, the access point is Meraki; can the above be achieved via the AP?

Thanks for your help
Paul
0
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during 2017, another big threat started appearing at the same time that didn't get the same coverage: illicit cryptomining.

Is there a way to export a Sonicwall firewall appliance to a CSV format so we can import to a Meraki firewall?
0
Dear Experts

We have deployed a customized business application which is developed using SugarCRM and is hosted on premises. The data that we store is confidential. We have challenges in achieving certain dashboards and understood from the developers that they can deliver those, but the server requires internet access to fetch the JavaScript library from a Google server. The library is fetched on each page load and the browser renders the chart. The URL from which the library is fetched is https://www.gstatic.com/charts/loader.js
The chart we integrated with SugarCRM only downloads a JavaScript library on each page load and does not send any data to any server (according to Google). Please refer to this link: https://developers.google.com/chart/interactive/docs/gallery/combochart#data-policy
Please advise: if we go with this integration, will our data not be exposed to Google? We do not suspect Google, but as per our internal policy we should ensure the data is not exposed to any external network. Please suggest. Thanks in advance.
0
Hi fellas.

I have a rather strange problem.
I have an Aruba ClearPass installed at one of my clients, who has an assortment of various switches communicating with it and using it as a RADIUS server and a NAC.
One of them is an HP 4204VL.
We are currently debugging a certain computer to try and find the cause, but the problem is not localized to that specific computer, switch or switch model.
The problem is as follows:
When a network cable is plugged into the computer, it attempts to authenticate against the switch. The switch sends the 802.1X frame to the ClearPass, which authenticates the user against Active Directory and approves the user. So far, so good. The problem is, this process repeats itself every 30 seconds (and I do mean every 30 seconds on the clock).

The authentication config is as follows:
4204VL_Netanya(config)# show port-access authenticator b24 config

 Port Access Authenticator Configuration

  Port-access authenticator activated [No] : Yes
  Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

       | Re-auth Access   Max   Quiet   TX       Supplicant Server   Cntrl
  Port | Period  Control  Reqs  Period  Timeout  Timeout    Timeout  Dir
  ---- + ------- -------- ----- ------- -------- ---------- -------- -----
  B24  | 28800   Auto     2     60      30       300        300      both


The operating system is Windows 7.

I should note the following: if I force a re-auth via the switch, the system normalizes (on the specific port I forced to re-auth) for 3 hours, but then it goes back to the same problem.
I tried uninstalling the antivirus and any other debugging I could think of.

Any help or idea you might have will be appreciated.
0
Hi Guys,

I have a Fortinet 100E UTM device.  I was applying an SSL web certificate and foolishly imported it into the wrong area (Remote Certificate ... rather than Local).  So I deleted the certificate in the GUI and tried to re-import it to Local.  However, when doing this, it gives an error of:     Certificate file is duplicated for CA/LOCAL/REMOTE cert.

I've rebooted the box, but I'm still getting the same error.

Has anyone come across this before?

Many thanks guys, appreciate your help.
0
Is there an IP address block list manager for the latest versions of OS X similar to Peer Block or Peer Guardian?  I need the ability to block communication between my Mac and thousands of IP addresses without slowing things down.  The block list manager should be able to import a list containing hundreds of thousands of IP addresses in a common format and prevent incoming and outgoing communication between the Mac and IP addresses in the list.
0
Fortigate 100E Deep Packet Inspection - DPI Performance Issues

We have two Fortigate 100E devices, each at a different site, that have problems when DPI is turned on.  We've opened a case for each with support, but haven't seen any progress on resolution.  I want to share here in case anyone has any insight on this...maybe something you saw and solved without engaging Fortinet support.

FW 1 Issue Description.

We've been experiencing a problem with deep inspection where all websites time out unless we switch to certificate inspection. A firewall reboot will temporarily resolve the issue, but it returns within 10 days or so. CPU and memory are both completely fine (CPU under 10% and memory under 60%).

This configuration ran fine with no issues with deep inspection for probably close to two years. Issue started after updating from 5.4 to 5.6.7. We then updated to 6.0.4 to try and remedy the issue per Fortinet's recommendation but the issue keeps returning every 10 to 14 days.  

FW 2 Issue Description.

This firewall was new in October and implemented using 6.0.3

We are experiencing issues when enabling SSL Deep Packet Inspection for domain users in a single 100E, 40-50 user environment. We had a separate policy with SSL DPI enabled for 4-6 users for a couple of weeks with zero issues. Then I turned it on for all users (same policy, just a different user group), and after about 4-5 hours, all outbound internet stops working for users on all sites, exceptions or …
0
I am trying to load some .cer files into a Java .keystore file, using the keytool command. For one of the .cer files, I am expecting to import it as a PrivateKeyEntry. However, the result of the "keytool -list" command shows that all certificates are imported as trustedCertEntry.

In the "keytool -importcert" command I toggled off -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference to the result for me.

Can you help me clarify these questions:
1. Can "keytool -importcert" import a PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCertEntry) of the imported certificates in the .keystore decided by the way of importing, or by the .cer file itself?
3. If decided by the way of importing, how do I do that?
4. If by the .cer file itself, how do I check which type it is?

Thank you!
0
So I have had an ongoing issue between a SonicWall firewall and a 2008 R2 server utilizing NPS for RADIUS authentication.  The issue is that it will all be set up and working fine for about a week.  At some point the communication just breaks down.  If I attempt to use the test on the SonicWall, it returns a communication error.

The fix is to retype the shared secret on the SonicWall side only, then hit apply.  After that it works again for about another week.  I have no idea what would be causing this or how to fix it permanently.
0
Dear Experts

We have application servers hosted on-premises; the servers are behind the firewall.  Users who access the application server from an external network have to pass through the VPN. I am looking for a network monitoring tool and also a vulnerability scanning tool for the web application server. I found the New Relic network monitoring tool and the Qualys security solution, but these are cloud based. Please suggest options for on-premises deployment.
Thanks in advance.
1
Acronis Global Cyber Summit 2019 in Miami

The Acronis Global Cyber Summit 2019 will be held at the Fontainebleau Miami Beach Resort on October 13–16, 2019, and it promises to be the must-attend event for IT infrastructure managers, CIOs, service providers, value-added resellers, ISVs, and developers.

Hi experts.   I have a customer that got an encryption virus and we are dealing with it.   I am looking for any kind of way to set up the network so we don't get those, even if the client did click on the bad email.   We have taught most of our users to forward it to us if it looks suspicious.  Always check the from address and that will tell you more.   But they still clicked on it and invited it in.   We have 2 servers and about 25 workstations.  We have a WatchGuard firewall and Bitdefender on all the machines.
Any guidelines would be appreciated.
0
I have a firewall that blocks some IPs from accessing the Internet, which works fine. When a user comes in from the VPN, they are able to access any devices except the devices that are being blocked from Internet access. I would like help troubleshooting or creating a policy that will keep the network devices from accessing the internet, but when a user logs into the VPN they are able to access the devices.
0
Hello,

I am looking at a security report which shows a LAN server is communicating with an external IP, 37.48.82.67, where the traffic is unusual.

I have run an AV scan on the server and found no threat.  I do not see any unusual Windows services running on the server.

What else should I check?

Please advise.

Many thanks.
0
I'm looking for someone to help set up a new WatchGuard T15 and a BOVPN to an existing XTM25.  I know enough to be dangerous (maybe even that much).

I'd envision having the person on the phone / remoted into my PC, which would be on the LAN side of the T15, and I'd have a TeamViewer connection to a PC on the LAN side of the XTM25 to set up the VPN (you are probably saying there are better ways to do the setup, but that's an indication of what I do and don't know).
0
How to enable EAP-TLS for Network Policy Server. Checklist...
0
Hello,

I have a smaller client that has been using a Cyberoam CR15ing for quite a while with a Google Fiber connection and a LAN of about 15 endpoints. They recently moved, but the ISP is still Google Fiber. They had to leave the GF box, but we configured the new one identically to the original. So the only difference should be the public / external IP of the GF box, which is set with the CR15ing as the "DMZ" (all traffic passed through to this device). This is the bridge-mode setting for the GF box, but the Cyberoam still gets an internal IP on its WAN side. Not sure any of this matters, as the exact same config worked for years at the previous location with the same ISP, same hardware, etc.

At the new location, the internet connection and outbound traffic seem fine, but inbound is not working right. Some traffic is getting through, but it seems selective. The FTP virtual host / port-forward is not allowing an external connection, but I cannot figure out why.

The firewall logs are not showing anything hitting port 21.

Also, we keep getting a flood of Local ACL denied events in the firewall log.

See the screenshots below. Please advise if you have any ideas.

[screenshots: rules, logs]
0