
Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
 
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Yashy
0

Hello,

I am having odd issue that I'm not sure if I understand correctly. I am working with Cisco Firepower. Here is the scoop:

I have defined my access policy. It consists of 12 points, it's attached if you like to see. Either way, I am allowing several sites, blocking several others. Here is where the problem comes.
Bullet numbers 10 and 11 have several countries blocked. One example is, I have Thailand blocked. One of my techs came to me the other day and asked if I can allow a website called "synology.com"; it's an IT data storage company with servers in Thailand. So, I go to my step # 4 and even 7 and add synology.com to ALLOWED sites. Apply it, and check. It's a no go. Can't get to it. Just for the sake, I took out Thailand as one of the blocked countries and apply the configs and try, and it works. So now it's clearly the country issue. I really don't think that this is how they intended this to work. I should be able to block the whole country and allow just one or several websites from it.

After playing with this for several days, for some reason or other I decided to change my internal DNS to 8.8.8.8. With the country still blocked, I was now able to get out to the website. It came down to DNS queries being blocked to Thailand. So, I created a rule # 9, allow my internal DNS servers out to Thailand. I changed my DNS to my original and I was able to get out. The problem with that now is that I am able to get to ALL websites in Thailand. That defeats the purpose of…
0
Hi experts,
The company’s implementing SecureTower DLP. Did anyone work with that? I’m trying to find any 3rd parties reviews.
Regards.
0
Hi All, looking for a pen testing solution we can use to test our external and internal network, what do you recommend?

Thanks!
0
Are there any useful IT risk frameworks that are applicable in general terms to any IT organisation? I appreciate risk is organisation specific but high level risks around systems availability, security etc. are common to all. I was after a baseline of common risks and wondered if these have been defined in any top level framework in which to assess our mitigations/controls.
0
Watchguard to Draytek site to site VPN - 2 tunnels required.

WG side has local IP of 192.168.1.1/24 and this needs linking to the draytek which has 2 LAN 10.0.0.1/24 and 192.168.100.1/24

I need a tunnel for both

Now I can set this up with one tunnel, no issue, but can't see anywhere to add a second tunnel on the Draytek end. I've heard GRE might be the answer to my question but haven't used this before.

How do I add a second tunnel? I have also tried a second VPN with the other tunnel but this causes both VPNs to alternate and not work correctly. Any help or questions welcome.
0
Hi Guys,

In many managed switches (HPE, DELL, CISCO) There's an option to bounce a port via a radius request (useful reauthenticating MAC based devices with very long re-auth timeouts like printers).

I'm implementing a NAC solution and all the switches are Junipers. I can't for the life of me find a way to bounce a port.. the only way I see is to disable and enable the port, both of which require a commit, and on a 3 member chassis, It's a long commit....

Any ideas? perhaps via SNMP or anything else?
0
We have a Watchguard M400. The firewall is blocking EXE downloads. I want to allow only the help desk to be able to download EXE, drive etc. How can I do this?

thanks
0
My OS is win10 pro 64 bit.  Due to recent security hacking on my pc, I am thinking if NordVPN would provide the security preventing everyone from entry.  I have Avast Premier protection.  Or can I use ZoneAlarm or some other software.  Thank u and regards.
0
My OS is win 10 pro 64 bit.  My pc is a Lenovo m72e.   I use Verizon DSL and the pc is connected via a modem, which has about 5 ports, allowing for ethernet connection.  Last week a hacker managed to hack into my pc.  My question is if I were to change the port to which the ethernet cable is connected, can the hacker get into my pc again?  I have Avast security protection and the OS' own.  thank u
0

I currently have a Watchguard Firebox with UTM and am using VMware.
I'm currently upgrading the environment to the latest VMware and NSX.
Is it recommended to eliminate the Watchguard and ONLY use NSX?
0
Hi,
I added a Content-Security-Policy that works in Firefox and Chrome but not Safari.  I am using Safari 10.1.2. In Safari I get the error:
“Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.”
So, I tried adding ‘unsafe-inline' to style-src but I still get the error in Safari.  I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have ‘unsafe-inline’ written.  If I put the hash back in, I get the error again in Safari.  The other browsers work fine.  Does anyone know what I can do to get the Content-Security-Policy working in Safari?  Any help is greatly appreciated!
0
Q1:
Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL:
https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates

Q2:
Which other vendors' SSL certs would you recommend to replace Symantec's?

Q3:
if we don't replace, what are the mitigating controls we can put in place?

Can it wait till Oct 2018 to remediate?
0
I inherited a Class B network years ago and am just now wanting to do a major overhaul.  Currently the LAN network is 10.1.0.0/16.  It is currently just a flat network with servers and clients dispersed throughout.  I want to segment the network into the following categories: Servers (25ea now), Workstations (100ea now), Printers (30ea now), Utility devices (20ea now).  All of our wireless clients are connected on the outside of the firewall and are outside the scope of this question.  Our firewall is a WatchGuard device.

Should I rework the ip address scheme?  If so, can someone layout an example of what I should do?

thanks!
Lance
0
Hello Experts,
I am looking for a free or open source tool to perform a security audit on our Cisco switches, routers and firewalls because I want to know the vulnerabilities and security holes in these network devices.

Any suggestions are welcomed.
0
The Payment Card Industry has mandated that all PCI customers must migrate from SSL and TLS 1.0 to be considered compliant by June 30th 2018.  I want to migrate from TLS 1.0 and make TLS 1.1 and TLS 1.2 available for use.  I know that you can enable and disable both within the registry and in the "Internet Options" Advanced tab. On Windows Server 2008R2 through Windows 2012R2, where can I find the configuration for TLS 1.1 or 1.2 to be used, whether by an application, executable, or even the website? I have looked throughout IIS and cannot figure this out. Thanks in advance for any help available.
0
Hi,

We have a lot of messages about land attack in our ASA (5540) firewall:
"
ASA-2-106017: Deny IP due to Land Attack from A.B.C.149 to A.B.C.149
...
"
A.B.C.149 is public IP address for about 32 local IP that PATed to it.

Proxy ARP is enabled on outside and two inside interfaces. Topology is attached.

Sincerely
Salmanian
Top.png
0
There's request to open up ACL tool to Internet from a server:

a) is the licensing validation once-off only or periodically?  If periodically how often is this &
    under what circumstances it needs to reach out to ACL licence server?  Say it exceeds
    certain number of records to analyse, then it validates?

b) anyone know which URL it connects out (or its incoming) for this license validation?

c) if we go through bluecoat proxy, will it work?  I'm planning to restrict to specific URL
    for outgoing only (or is incoming port required too)?
0
Been having an issue configuring a remote Cisco 1941 to use our windows radius server.  Currently we use this radius server for the ASA VPN access without any issues.

Trying to see if I am missing a command.  VPN is working using the local VPN account.  When trying to change it to the radius aaa group nothing happens.


Building configuration...

Current configuration : 7825 bytes
!
! Last configuration change at 14:47:53 GMT Tue Dec 5 2017 by administrator
! NVRAM config last updated at 14:42:00 GMT Tue Dec 5 2017 by administrator
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ARG-ROUTER01
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.154-3.M6a.bin
boot-end-marker
!
!
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa group server radius CHI
 ip radius source-interface GigabitEthernet0/0
!
aaa authentication login SSLVPN_AAA local
aaa authentication login CHI group radius local
!
!
!
!
!
aaa session-id common
clock timezone GMT -4 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name dental.priv
ip name-server 10.204.1.1
ip inspect name SAARG_TRAFFIC tcp
ip inspect name SAARG_TRAFFIC udp
ip inspect name SAARG_TRAFFIC telnet
ip inspect name SAARG_TRAFFIC snmp
ip inspect name SAARG_TRAFFIC smtp
ip inspect name SAARG_TRAFFIC skinny
ip inspect name SAARG_TRAFFIC rtsp
ip inspect name SAARG_TRAFFIC realaudio
ip inspect…
0

We have a mixed Microsoft environment of Windows 7 and Windows 10 (Pro 64 bit) clients attached to a couple of Hyper-V 2012R2 servers and one separate Exchange 2010 server in a stand alone 2012R2 server.

we currently implement a single stage complex password authentication.

however we have been asked to provide 2 factor authentication for our administrator and our finance group (to start with) with a view to pushing this out to all in months to come.

can anyone advise on the best (simplest cost effective) way to achieve this.

any advice much appreciated.

many thanks
0
One of the Experts here on EE suggested GFI Languard.  So, we bought it and have  had it running for a few months.  As I get further into it and want to take advantage of its capabilities, I naturally have questions.

Being a "good customer" I figured to start on the community forum.  But I can't log in and I can't set up a new account.  I have LOTS of email addresses available and can set up new ones.  Yet, no matter which one I enter for a new Registration, it says "already used".  Can't be true of course.

Telephone customer support takes one to a menu that has nothing to do with customer support and, if you politely wait after not responding, it says "Goodbye".

I may be in the market for 3rd party Q&A at least.  Or, what might you suggest?
0
Watchguard mobile VPN stops receiving data whenever I reboot my laptop. It requires me to uninstall and install again to make it work. Can someone please suggest the cause of the issue?
1
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
Hi,

We are running an intranet in our organization...now we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
0
Hi,

I have a connection issue to my openvpn (Synology) on Windows, but same config works fine on Android.
On server itself I don't find any log indicating what is going on.

Can you advise?

Openvpn config (tcp to be able to connect from behind firewall) works fine on Android, not on Windows:
allow-recursive-routing
ifconfig-nowarn
client
verb 4
connect-retry 2 300
resolv-retry 60
dev tun
remote mysite:myport tcp-client
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>
comp-lzo
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
dhcp-option DOMAIN blinkt.de
nobind
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
#management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These options found in the config file do not map to config settings:
mute-replay-warnings 
ifconfig-nowarn 
resolv-retry infinite 


Connection log
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_pin_cache_period = -1
Thu Jan 11 18:23:09 2018   pkcs11_id =


0
