Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network and covers a variety of computer networks used to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Has anyone made use of the password protection settings in Azure AD in a hybrid environment? More specifically, the banned passwords and password protection for Windows Server for Active Directory? We're looking to leverage these settings in order to ensure 1) avoiding the use of particular words/phrases, and 2) ensure that these policies are also enforced on our on-prem Active Directory domain.
0
Hello, I am in need of a way to be 100% anonymous online. I have heard a little bit of everything, but I REALLY need an expert to tell me DEFINITELY HOW TO DO IT and what is the correct way. Just to let you know, I don't want to use TOR. I know there is Tails and Whonix, but I need decent internet speed, and even if Tails and Whonix are very powerful when it comes to hiding your real IP, it seems like both use Tor, which is very laggy for me. Anybody who says there is no way to be 100% anonymous online isn't correct; yes, there is. Hackers have been doing great work and never being caught in their acts; of course some of them really get caught, but some of them really know what they are doing and never get caught by, let's say, the FBI or NSA. All I wish is to talk to a real expert who understands the discussion here and knows how to REALLY DO IT, without promoting any VPN, Tor and their exit nodes and its amazing lag, etc. I am right now more focused on RDP, since it gives you a far VPS to manage and also a new IP address. My only question is whether RDP is good for hiding yourself, since it connects you to another computer and gives you a new IP address. I heard Windows keeps logs of the real IP address behind the RDP, and maybe the site you bought the RDP from will have access to these logs or anything like that, or even the site you bought the RDP from can see your real IP address easily. I REALLY need someone who understands the discussion and advanced networking and security. I REALLY care about my …
0
How do I get the Cisco ASA to log output of connections similar to the way Palo Alto Networks does this just by clicking Enable Logging on a particular rule? If I click on Log in ASDM it gives me seven different levels. I want to know that the connection happened and details like I'd get in the PAN monitoring tab. Thanks!
0
Hi, I am currently going through the initial phases of aligning to ISO 27001 for the purposes of being certified in this area.  My scope is quite small and in general all of the data will reside within Office 365, with SharePoint and Teams being the main mechanisms of working.

With the various certifications achieved by Microsoft in this area, does this generally mean that if Microsoft is ISO Certified, and their Statement of Applicability covers off most of my controls, achieving the Certification for my company is a lot simpler?

Any advice on this would be great.

Thanks

Fingwong
0
Hi expert

Does anyone know the necessary ports for a client PC or member server to link to Windows 2012 AD?

The functions below are needed:
1. Windows login
2. login script
3. time sync and GPO update
4. DNS service

I found many sites, but don't really understand some of the terms for the services.

I'd appreciate it if you can list them for me.

thanks
0
Hello Experts,

I am using a WatchGuard T70 and would like to set up two subnets on it. I would like the two subnets to have the ability to talk to each other as well. If anyone has information on how to do so, I would appreciate it.

Thank you
0
Trouble with RADIUS Authentication
I can SSH to the switch but RADIUS authentication does not work. A local account on the switch works on SSH. How do I troubleshoot the issue?
client - cisco 2960x
radius server - Server 2016 NPS

Commands:
aaa new-model
aaa authentication login default group radius local
radius server Radius
 address ipv4 x.x.x.x auth-port 1812 acct-port 1813
 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thank you
Kiran
0
Recent article on Critical Vulnerabilities in Microsoft Windows Operating Systems: https://www.us-cert.gov/ncas/alerts/aa20-014a. There seems to be quite a fair bit to read up on.
To reconfirm: do we just check that the below KB is installed for the below operating systems under Windows Update to address the 4 vulnerabilities?

Windows 10:
https://support.microsoft.com/en-us/help/4528760/windows-10-update-kb4528760

Windows Server 2012:
https://support.microsoft.com/en-us/help/4534283/windows-server-2012-update-kb4534283
https://support.microsoft.com/en-us/help/4534288/windows-server-2012-update-kb4534288

Windows Server 2008:
https://support.microsoft.com/en-us/help/4534310/windows-7-update-kb4534310
https://support.microsoft.com/en-us/help/4534314/windows-7-update-kb4534314
0
Hi,

I've been given the below from my network team.

192.168.10.0/20 – they've asked me to subnet accordingly and re-address your VLANs with.

Can someone advise what is required

Thanks in advance
0
Hello,

I wanted to know how I can block my home connection from reaching YouTube.  I have AT&T internet and they provided their own router/modem BGW210-700; however, I don't know how to block the site I need to...  I can get into the settings of the device, but can't locate where to block.  Also, is there another option to do this?  I called their customer service, but I feel like I'm talking martian talk with them.
0
Hi could someone validate this SQL query for correctness against the Rapid7 database schema?  I'm trying to pull a customized report of assets in my environment that have Adobe Acrobat and Reader installed on them.  I'd like to pull the following fields down in my report:  asset_count, vendor, name of software, family, version, host_name, osType and IP_address.  Any help is GREATLY appreciated!

SELECT count(da.asset_id) as asset_count, ds.vendor, ds.name as software_name,  ds.family, ds.version, host_name, osType, ip_address
FROM dim_asset_software das
  JOIN dim_software ds using (software_id)
  JOIN dim_asset da on da.asset_id = das.asset_id
GROUP BY ds.vendor, ds.name, ds.family, ds.version, ds.cpe
ORDER BY asset_count DESC


0
My business has recently expanded to servicing clients in the US Financial Sector.  Many of these businesses include Hedge Funds, Brokers, Traders, etc.

During the initial phase of our relationship I am presented with data security questionnaires, all of which I have passed.  However, as part of my corporate strategic planning I would like to build a road map of IT improvements focused on Financial Sector Compliance.

Does anyone know where I can find a book, or some other documentation, that details the IT Data Security requirements that members of the US Financial Sector must conform to?  I suspect they are governed by the SEC, FINRA, etc. but I am not positive.
1
Hi Expert,

Initially I set up the Exchange profile using the proxy authentication setting - NTLM authentication

and the logon network security as - password authentication NTLM
However, after rebooting the PC and checking back the Outlook settings, the authentication method for proxy authentication has been changed to negotiate authentication.

Is this normal, or have I missed some configuration?
0
Hello,

I have this vulnerability in my environment and I need to fix it, but I don't know how, can someone help?
"Configure the system to enable or require SMB signing as appropriate. The method and effect of doing this is system specific.
 Note: ensure that SMB signing configuration is done for incoming connections (Server)."

Thanks
0
I have a cloud server with a public IP address of 1.1.1.1 (not the real IP). There are over 100 users on standalone PC's over 12 sites across the south of the country who have a mapped drive on their devices using the UNC path \\1.1.1.1\data. The cloud provider can't upgrade the OS on the server (it's currently server 2008) and therefore a new one needs to be provisioned. I'm migrating the AD data over and replicating the domain name etc. I somehow need to map all users to the new UNC path \\2.2.2.2\data with ease. I can't use the hostfile mapping as DNS is not involved.

The question therefore is as follows: Is there an easy way using the command line or PowerShell to route the old IP address 1.1.1.1 to the new IP address 2.2.2.2 so I don't have to re-map over 100 devices or do I suck it up and remap from scratch?
1
There are 2 Mac PCs on my network which are not provided by my company.
All the PCs which are provided by my company have ESET antivirus installed.

The ESET antivirus detects a TCP attack by these 2 PCs.  The problem is that since ESET is not installed on these 2 Macs,
I don't know if there is any malicious program on these 2 Macs or if the Macs use something which is not recognized by ESET.

I need any advice on how to manage this issue
0
Hi, I am not able to connect to my VM via FTP, but I can ping my VM. I am using WinSCP. My VM is Linux Ubuntu; my host is Windows 10.
host
0
I have a WatchGuard M370 Firebox with L2TP and IPSec.  My users log in to the Firebox and then to a terminal server or in some cases their desktops. It's basically a 2 factor system, they log in to the Firebox and then to the server - I want to keep that.   I have a bunch of users who take home laptops and work at home and I'm wondering if there's a way to have my Group Policy enforced while they are on VPN.  My VPN is a DMZ so it's not actually part of the network; however, if you type an IP address chances are you'll get where you need to go.  So for example my home users connect to a terminal server in the DMZ.  They are using laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails.  I want to try to avoid this.  Is there a way to do it?
0
I am upgrading our network and wanted to see if I am thinking properly.  I want to utilize 2 different firewalls with a shared DMZ zone.  Below is the configuration I am thinking about deploying.  I am using fictitious IPs.

Internet
---------------------------------------------
Router IP - 50.50.50.1
--------------------------------------------
Firewall 1 WAN IP - 50.50.50.2
Firewall 1 DMZ IP - 10.0.0.1
---------------------------------------------
Server with Dual NIC's
Firewall 1 DMZ Server IP - 10.0.0.2
Firewall 2 DMZ Server IP - 10.0.1.2
---------------------------------------------
Firewall 2 DMZ IP - 10.0.1.1
Firewall 2 LAN IP - 192.168.0.1
---------------------------------------------
LAN Network

Firewall Rules
Firewall 1 WAN Allow Firewall 2 LAN
Firewall 1 WAN Allow Firewall 1 DMZ
Firewall 1 DMZ Block Firewall 2 LAN

Firewall 2 LAN Allow Firewall 1 WAN
Firewall 2 LAN Allow Firewall 2 DMZ
Firewall 2 LAN Block Firewall 1 DMZ


What do you think?
1
Hey all,

With the increased threat of threats out there, I am wondering if I am doing enough for my clients and would like some sort of input as to what I should be doing more of to combat the threat of cybercrime

My usual Firewall install for a client is a Sophos XG with Threat protection, IPS & AV enabled with SSL VPN setups for people accessing the network. I suppose I am one of those people who want to make sure I have done everything to protect a network and want to ask a stupid question.. when it comes to RDP brute force attacks, if we don't have any WAN>LAN rules to open RDP ports, are we safe or do we need to physically go in and disable RDP protocol on every machine.

I know the threat has been around for ages but I need to get some clarification on this so any serious answers accepted, please.
0
I know the encryption/decryption mechanism for typical HTTPS-based communications.

However, I failed to understand how the chemistry between the below 2 blocks works:
{private&Public key} ---vs-  {SSL certificate }

Please advise
0
I have an oracle HTTP server 12.3.1 which is based on Apache 2.2 running on RHEL 7.4 machine.

I use it to run a web oracle database application via mod_plsql.

It has been running fine for years.

Last week users started reporting outages and very slow response times.

I found out that this happens when the number of connections goes from 50 to several hundred. See attached list.
This was a result of foreign IPs running a scanner or SYN DoS attack. Security does not admit this is a DoS attack, but rather a public scanner that always runs on most sites.

The traffic coming to my web server goes through an IDS, Load Balancer, Palo Alto Firewall, WAF and then my web server.

We added a rule on the firewall to block all international IPs, but a few hours later I found a scan started from an IP in California.

Security claims they can't prevent these scanners from scanning the public site and that I should fix the issue on the web server by hardening or tuning the Apache server.

My web server has 16 GB RAM. I upped MaxClients for Apache from 150 to 450 and added SYN_COOKIES to the Linux machine.
I don't know if this will provide protection yet or not.

My questions,

1) Is what security says correct? Should not the SYN flood attacks be blocked on the IDS or firewall device?

2) What can I do for tuning in Apache to solve this problem and prevent connection overload from hanging the server?

3) Could it be that RHEL or Oracle web server is not killing open connections …
0
I have some security industry certifications (CEH, Palo Alto, CompTIA CASP and Security+) and wanted to know what GIAC certs are most marketable.  I understand that this will also be affiliated with what my present position is and what my future position will be as well...
But I wanted to, in general, know which GIAC cert is most valuable. My current position is at a SOC for a financial company where I do security operations.  I'm also enrolled in a MS for cybersecurity as well.

Thanks for your input.
0
I have the following network and wanted to get your opinion, from a security/network point of view as to what is wrong and what to do about it.
1
What are some services or applications that would be recommended to MSSPs so that they can have 2FA on their Windows logins and their domains? That way we can provide an extra level of security to ourselves and our clients.
0
