

Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Our HQ (domain is orgname.com) often has staff travelling to our country (different domain,
say org2name.com.au), and staff from our country often go there as well. We have separate AD,
DNS & MS Exchange servers.  In fact we are neighbouring countries.

We have a dedicated leased line between the HQ & us but with firewalls doing NAT in between.

Will need to grant staff access to their mailboxes seamlessly without compromising
security.  What are the trusts to permit between our HQ & us?   We are regulated differently
by different financial regulators so credit card & our customers information can't be shared.

We will maintain email Exchange servers and email filtering security tool (Proofpoint) separately.
Thing is, staff who are seconded to be based here from HQ may go back once every 6 months
(for say a period of 3 weeks before returning): likely the staff seconded here will continue to
use HQ's mailbox but their laptops will log in to our local country's AD/domain: any trust to
be permitted here & what are the best practices?  Usually staff seconded here (or vice-versa)
for 1-3 years will go back to HQ once their term here expires.

We are also implementing email encryption (Voltage) & our HQ will implement it later (maybe
6-10 months later) : so need to consider this aspect as well.  Staff based here will use email
encryption of HQ & likewise staff from our country going there will use email encryption here.

The staff that …

I have been trying to connect to a WatchGuard XTM 330 L2TP VPN using the Windows client, but I keep getting the message that it can't resolve the server name. Using a Windows 2012 RADIUS server that I can authenticate to from inside the network. DNS is configured on the policy for the WatchGuard etc. When we use the WatchGuard SSLVPN client it works just fine. We use roaming profiles so the SSLVPN client won't work with them. Anyone have any suggestions?

Looking for recommendations for a product that will allow tracking of files that are opened/moved/copied on a Windows Network.  I know there are many full blown enterprise level products that handle this, but I'm looking for a simpler, more localized equivalent.

I'm not aware of anything in native Windows Server that will allow this level of tracking.  Could be wrong about that.

Any recommendations appreciated.

If you connect to a secure bank site, or even Facebook using HTTPS, on an open non-secure WiFi, is the data between your computer and the site secure?

I was recently tasked with setting up a VPN for a client of ours for accessing files from home. We are able to successfully log in; however, when we try to map drives or access resources we are unable to. Mapping drives errors as if we are not in that domain. Trying to access the drives through Explorer returns the same. Can anyone assist with this please?

Hi Everyone,

I would like to use the Meraki MDM SCEP service to hand out certificates for users enrolling to the Meraki System Manager platform. The certificates will then be used to authenticate against Cisco ISE for wireless access.

I've added the AD to the Meraki Platform and added the profile to be pushed down to ISE on the platform as well. Cisco ISE has also been added to the Meraki Platform.

As part of the SCEP process for Meraki I'm supposed to download the SCEP CA certificate and have it signed by the Microsoft CA. I assume I would need to export the .csr file and have it signed via web enrollment. However, I'm not sure what template to use in order to have it signed for the correct use. When I import a standard user template it is signed for the account which I used to log into the web enrollment page (Admin user). Of course this is not the correct solution as the certificate needs to be for all users, i.e. it needs to be for %User% so all users can get a certificate and enroll. I can then add this certificate to ISE. Can anyone help?

Hello all,

I've been stumped on this issue for the past week and figured I'd ask around for possible solutions.

Company's internal website (http://companyweb) redirects to an external website (colfaxcorp.com), BUT only on two local workstations. The redirect isn't profile specific, and only these two workstations are affected regardless of the web browser used.

What I've tried:
Clearing caches and cookies
Various malware scanners: Malwarebytes, HitmanPro, TDSSKiller, and more. No threats found.
DNS flush on workstations
Modifying the host file. (which actually solved the immediate problem, but removing my changes reverts back to the same issue)

Anyone have any insight on this issue?

Further to the question I posted above, besides the 30+ critical PCs (for Swift processing), we have about
20 Tally network printers used to print critical SWIFT messages : the PCs & printers are at various physical
locations : 1-3 PCs may spool print to one of those printers.

Heard that in the Bangladesh Bank SWIFT heist, the hacker intercepted a print job and learnt how to send fabricated
data to the printer.   We can secure the PCs with Windows Firewall but what about the printers?

To create isolated VLANs & move these PCs & printers to the dedicated VLANs requires changing IP addrs
of these PCs/printers & may incur downtime &, if not planned carefully, disruptions.  Would creating
MAC addr ACLs on the switches that these PCs & printers are connected to help?

Our netwk support said it's no longer a common practice to do MAC-based ACLs? Is this true?
Or it's simply too much of an effort for the 30 PCs & 20 printers?

Can Layer 2 switch support MAC ACLs?

Hi everyone!  I just wanted to thank everyone in advance for any advice or suggestions.

I am trying to implement simple Network Printer MAC Authentication on our Network.  I've configured my HP A5120 switch with global and port specific MAC settings, I've created a 2016 NPS "Connection Request Policy", and I've created a new Active Directory user using the printer's MAC address as the username and password.  However, I cannot get a successful MAC authentication between the Printer<->Switch<->NPS Radius Server.  I've tried using the config for user-name-format both as "with-hyphen" and "without-hyphen".  It's probably something silly and really simple, but I'm stuck.  If someone could verify my Switch and NPS configurations, I would be super grateful.

Below are my configurations and terminal debugging for reference:

***[HP A 5120 configuration]***
#Configure A5120 port which Printer is connected to…
# Enable MAC authentication globally.
# Enable MAC authentication on Int GigabitEthernet 2/0/22
int gig 2/0/22
#Specify domain for MAC Auth
mac-authentication domain hcd.ca.gov
#Config MAC auth to use MAC-based accounts. MAC usernames and passwords are NOT hyphenated
mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable MAC authentication on GigabitEthernet 1/0/8, and specify a guest-vlan VLAN
mac-authentication guest-vlan 25
#Critical Mac Auth Vlan
mac-authentication critical vlan 30…

Very strange, this morning when I turned on the computer I got a message that Malwarebytes (I have Pro version) has been turned off. When I turned it on, the option "Protection against malicious code" was switched off, and I can not switch it on! All other options are selectable and can be switched on, but not this option.

Last time I was in Manila I had similar problems with strange things happening. Then when I left the problems disappeared. And most often here in Manila I get warnings when connecting to the hotel wifi about insecure network or dangerous connection.

All kinds of small problems since 2 days when suddenly I got this problem with the message "Waiting for proxy tunnel" in Google Chrome and "TLS handshake" in Mozilla Firefox:


Other problems: Can not use Google API any longer for connection to Google Translate API for my CAT tool. Can not switch input language any longer. Can not run Windows Update any longer:


Other problems (continued):

Takes ages to save a text document or other document ("Not responding").
"Google has authentication problems" when logged in to Gmail.

Etc. etc. (new issues coming up all the time).


We've recently deployed the CIS L1 computer benchmarks for windows 7 and 10.  I've run into an issue on a subset of machines receiving ip addresses.  Occasionally, they will not grab an ip address via dhcp on wireless or wired.  It doesn't matter if the user is at home or in the office.

I ran wireshark to see what is happening during the dhcp process.  The discovery and offer occurs, but I never see the workstation send the request.  The discovery and offer occurs a few times then ultimately times out.

Has anyone seen this behavior before?  I'm assuming this is an issue with one of the GPOs we pushed out for CIS since it coincides with the CIS deployment and occurs in and out of the office.

I have a wireless environment with:

Server 2012 R2 running the NPS service for RADIUS authentication to the AD
Ubiquiti UniFi APs that are set to forward auth to the RADIUS NPS server

Now I have that set up, and it works: it authenticates the user's AD login and connects to the network just fine. The issue I have comes after that, when the user is not authenticated through the single sign-on through RADIUS for the WatchGuard firewall. I have followed what little information WatchGuard has on this, but most of their information points to MSDN pages that get me nowhere. I understand that the WatchGuard needs to receive accounting packets with information from the NPS server, but it doesn't seem to be getting them, as the firewall still tries to route users to authenticate through the web portal.

Not sure where to go from here in order to tell which system to send to what and where, and how.

At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.

Objective is to identify suspicious / unauthorized access or data transfer.

I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access the internet, and non-domain users (such as visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor" has to be installed on all domain controllers, but later it talks about pushing out the SSO client to machines, which is also used for authentication, so I am a bit confused whether this is needed or not. Please clarify.

and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?

much appreciated!

We have just deployed a Cisco Meraki wifi solution and are trying to set up our wifi networks. However, the domain is set up as XX.local.
The commercial cert authorities will not give a trusted certificate for XX.local, so we are trying to work out how to deploy an SSL certificate that is trusted, to make wifi for things such as BYOD work seamlessly. We have considered self-signed but that shows as untrusted; we also need to open up security on trusted machines to allow it. Has anybody done this or got a good idea?

Hi, I am not able to connect to a Nortel switch 5650TD model through PuTTY.

Scenario -- Cisco 3550

1) Guest Network  --- /24
2) LAN Users ---

I want that users with IP address ( should not be able to access network. But at the same time I want to have access to this network.

Is it possible in Cisco 3550 to achieve this.

I am looking to set up Suricata for home use with an inline setup.  My capacity is 100/100, so I am looking to support this speed with min impact.  My network is not heavily used - I have a couple of computers/iOS devices.

The unit will be in the closet, so I am looking for low power/heat, ideally fanless, but I am ok with a quiet fan if needed.  I have a Synology 413 if there is any offloading that I can leverage that for - using supported apps (I am not looking for custom installation on the nas).  

1)  appropriate hardware
2)  from a setup perspective, can I leverage my Synology

We have an Azure setup like this:

Internet --> Azure Region --> Vnet-1 --> Subnet-1 --> VM-Appliance(Router) --> Vnet-2 --> Subnet-2 --> VM-Server

The Internet can connect to the VM-Appliance(Router).

The VM-Appliance(Router) can connect to the VM-Server.

HOWEVER, the Internet cannot connect to the VM-Server.

We need someone who fully understands Azure networking, Vnets, peering, routing, interfaces, packet forwarding, network security groups, etc.

I am creating a site-to-site IPsec VPN tunnel with Cisco ASA 5506-X and 5555. Now the 5506-X firewall I am keeping in the DMZ. Can I keep the outside int and inside int IP of the 5506-X in the same subnet?

I have an ASA 5512-X with the IPS SSP module enabled. I am currently setting this up using scenario 1 shown here (https://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html#scenario1).

The problem that I am having is that I can ping the IPS SSP from the ASA itself, however, when pinging the IPS SSP from an internal host, the ASA is dropping the traffic with the following reason:

313004      Denied ICMP type=0, from laddr on interface inside to no matching session

From the IPS I can ping internal hosts.

Below is my config of the interfaces and IPS module and showing that I can ping from the ASA.

ASA(config)# sh run int g0/2
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address

ASA(config)# sh run int m0/0
interface Management0/0
 no nameif
 security-level 0
 no ip address

ASA(config)# sh module ips details | in Mgmt
Mgmt IP addr:
Mgmt Network mask:
Mgmt Gateway:
Mgmt Access List:
Mgmt Access List:
Mgmt Access List:
Mgmt Access List:
Mgmt Access List:
Mgmt web ports:     443
Mgmt TLS enabled:   true
TICFW1(config)# ping


I t

On a CheckPoint FW, when I try to install the policy to the Fw-1 module, this error appears in the Installation process window: "Reason TCP connectivity failure 18919  error 10".
The firewall is still working but it's impossible to install a new policy.
I haven't found any documentation about this on the Checkpoint web site.
I have some hypotheses; I think latency, because the firewall is based in China and I connect from Belgium to add rules and install policy. I am still debugging and checking.
Does someone know this problem?

I don't know how to figure out if FirePower is filtering or simply logging traffic (promiscuous or direct mode).
I've looked around in the FirePower web interface and have also read some resources, but I am just not catching on.  I was expecting a check box in the web interface or a line in the ASA's config to explicitly indicate which mode it is in.  I do get alerts that say such and such malware/access attempt was detected and that it is a potential threat, but I don't see where it says the event was blocked or just logged.  I might just be overlooking it.

Hi Folks.
I have a situation where our Corporate Wifi (just a name) is what our staff uses to log in and access our network (only with laptops). Wifi has Single Sign-On enabled so once they are logged in to their AD account, they don't need to provide the credentials again on the same device. We have added a certificate as well for additional security.

Q1- For users who do a password reset while being hard wired in the network (Ethernet cable), there is a delay where the wifi wouldn't authenticate them. Is there a way we can diminish this time delay for password update for our wireless network? (I would imagine it probably has something to do with the RADIUS server settings.)

Q2- Some users just randomly lose connectivity to the wireless (laptops are brand new, they connect to other wifi, they work just fine so it's not hardware related).  And if they try to connect again they don't get authenticated. We have as a workaround tried rejoining the computer to the domain + renaming the computer to something else and after that it also comes back to normal.

Q3- And lastly some users can't even connect for the first time. It just doesn't let them connect.

On the Radius Server, we have Network Policy set to authenticate using Only 1 condition
- that the user trying to access CORP-WIFI is part of the CORP-WIFI security group in AD.

Any help would be appreciated.

What is best practice to restrict users from, for example, connecting to the corporate network with their own device?

All they have to do is put in their domain credentials and they get connected.

I would want something like: latest AV software and definitions, or full scan in last 30 days.

What is best way to do this - can it be done through Dell Sonicwall?
