Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts
We have hosted application on-premises which is behind the firewall.  the application runs on Ubuntu 16.4 server OS and with the components of apache2, mysql5.7, php7.x. This application has to be accessed from the external network( though the internet) which is located in other county from their office where the users will be behind the firewall.  we have to allow the access to them hence I have asked to share their gateway ip so that I can enable access only to this IP.  our hosted application by itself has authentication however we would like to add one more layer of authentication but the remote users will not accept any client software installing on to their local systems like vpn client or OTP SMS, or pass code call back.  They only prefer web based access to the hosted application and they are okay if we send the second level security pass-code to their official email so that finally we can achieve 2 level of authentication which is in additional to allowing their IP only to connect to our network.  Following were my recommendations
1.      Over internet (leased line circuit) Site to Site VPN between their firewall to our firewall so that end users will not have any additional efforts or vpn client not needed, this they denied as their IT policy does not permit to configure their side firewall
2.      Suggested MPLS VPN between their work location to our network but this also been rejected.
Now I am thinking of some solution like placing the Cisco ASA SSL VPN…
0
ON-DEMAND: 10 Easy Ways to Lose a Password
LVL 1
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

Dear Experts

We have been asked to deploy on premise mail server for which we are planning to go for zimbra network but before to that we have to design the network,  though this email server will be working for internal within main office and branch office as it is connected in mpls network but we also would like to send and receive mails to external domains following measures to be taken
1. if our server or internet goes down the sender mail should not get lost for us once the server or internet gets restored the mails should be delivered to our emails accounts.
2. our domain and ip reputation should be always good so that our messages gets delivered to the inbox on the recipient email
please suggest on how our email server to be configured have internal dns server and make it work as normal email server and for external we have to avail SMTP RELAY service with some service provider please suggest is this correct if not please suggest what service we have to avail for external email delivery with email security will be taken care.
0
Hi, Guys, want to compare Sonicwall NSA 4600 and Juniper SRX 3400 in the aspect of security and reliability. Please help me to choose the best FW for my organization.
0
Customer has a watchguard T10 firebox firewall for a pos system.  The POS server connects directly to the trusted network port. no other computers connect to that network.  

Customer wants to setup an access point for wifi.  The watchguard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.  

The watchguard firewall does not have built in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant, there are no office pc's or network printers.

Need suggestions on policy's, the device has contenfilter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
When creating the New template Identification Information it creates an XML file.  In the video, I am learning from it created an ADM file.  So when I got to the portion to edit the GPO Administrative Templates there is no ADM to add.

My goal is to use ADRMS to stop all users from "Copying or Forwarding" any data in our database folder.

Any help will be appreciated.

ADRMS template
0
I have a computer on our domain that is sharing a folder and a printer.  Just within the past couple days, access to any shares on this computer has stopped.  I have double checked the shares are still active.  I can get to the shares from that computer itself via unc.  No other machine can access the shares though and remote desktop connection is not working either.  I also rejoined the machine to the domain and turned the firewall off.  Any other suggestions?
0
I have recently joined a company where the juniper SRX 3400 already bought but not installed.   Now I want to implement this in HA mode as a replacement of SonicWALL 4400.  Please help me, step by step to implement same. For your kind information I very new to Juniper so I need details knowledge in same.

Waiting for the good answer.
0
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the fulll 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
Hello Everyone,

I am looking for options to protect my files and folders on my local laptop.

For example, if  someone stole my computer or hacked into it, I would like to have certain files (my business file that houses information on clients/staff and my financial file) to have a password on them in order to open them.  I know that some apps also hide the file and can’t be opened or seen.

I Want to make sure that I have to put a password in when file needs to be opened and it would be good to be able to have it hidden to anyone that hacks into my computer if that should happen.  

What options do I have please ? what do you recommend ?

important I am running Windows 7. I am looking for a solution for windows 7

Thank you,
0
Cloud Class® Course: Microsoft Exchange Server
LVL 12
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

How to be a SOC service provider ?


       ...  we  are beside performing  the  required  feasibility study  to  invest  in   providing  SOC as  a managed and monitor services  ?

......  what  are  the  requirements for  a   company  to  be able to provide  SOC  services  either as  manged or monitor  services  ?    

>>>  what  are  the main components of  a SOC
0
Hi,

Can you please advise why IP of server is changing like

C:\Users\Administrator>ping 113.255.213.114
Pinging 113.255.213.114 with 32 bytes of data:
Reply from 113.255.218.217: Destination host unreachable.
Reply from 113.255.218.217: Destination host unreachable.

Open in new window

0
Active Directory: Customize the Password must meet complexity requirements. Is there a way to enforce 4-4  categories? or how to specifically enforce the Non-Alphabetic characters?

Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.

We are trying to enhance our password security and would to be able to enforce the special character.
We know there is third party software that allows this but like to know if there is a way to do it on Windows server 2012?
0
Hi Experts,

I am looking for a two-way authentication procedure in the attempt to protect one of our public facing website.

I would like to implement some type of two way authentication to add an additional layer of protect.


I am thing of the end users getting an email notification or some type of verification method.

Any thought or recommendations?

Thank you
0
Hi,
We have two SRX series firewalls (100H) in an HA configuration running software version 11.4.R7.5; I Need to allow stunnel through from a specific IP (external) and port through to a specific local machine and port on our internal LAN, and I can't find any information on how to do this - I'm not that familiar with Juniper firewalls, so am unsure of what to do;
Please help!
Thank you
Robin human
0
Points of My Scenario:
1. I am admin of 2 newly deployed virtual machines: one Windows 7 Enterprise, and one Windows 10 Enterprise
2. I was successful to configure smartcard logon for the Windows 7 computer, but the same steps (drivers installation and certificate import) are not working for the Windows 10 Enterprise computer.
3. For each computer, both the driver installation (smartcard reader and smartcard) and the certificate import are successful.
4. For both Windows versions (7 and 10 Enterprise), the root CA certificate was [successfully] imported into the Trusted Root Certification Authorities store
5. However, when attempting to login to Windows 10 with smartcard, I get the following error, "An untrusted certification authority was detected while processing the domain controller certificate used for authentication. Additional information may be available in the system event log. Please contact your administrator."

QUESTION: What additional configuration is required on Windows 10 Enterprise so that it accepts the smartcard login just like its Windows 7 Enterprise counterpart?

PS: I can login to BOTH Windows 10 and Windows 7 with local and domain user accounts that don't require smartcards.
0
I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Fire fox give the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either
0
How do I use a Baracuda web filter to block YouTube
0
I got a bunch of machines trying to access this IP(208.91.197.27) that looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given.  I've ran extensive tests with different anti-spyware/antivirus solutions(safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

Thanks!
0
How do you know if your security is working?
LVL 1
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Hi we have a thousand of switches in the network. and Orion has been configured on each switches. Now we have a few of commands that need to be implemented on each of switches. How can we add these commands to each switches via Orion? Or you can send me a link for this issue. Thank you
0
We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
i am trying to setup the Internet default gateway on the new Internet circuit for testing. I have a current (A) and a new (B) Internet circuit. All of my traffic is currently going through A. I'd like to just have my laptop going though B. I have a Palo Alto FW and I have a DG 0.0.0.0 pointed to Internet provider A. Any thoughts on how to setup the second DG pointed to provider B and only my laptop traffic. Thx
0
im changing roaming profiles to local, I'm trying to change the folder redirection path and it seems to be referencing the old path. New GPOs have been created.  what's weird Is if I log a new user onto the pc folder redirection works fine. creating a local account got a user that's already on the computer doesn't work

please assist
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0
I am in the process of upgrading Splunk Enterprise, I have backed up configuration information by copying the /etc folder. I have to backup the indexers database which can be doneby  copying the database folder after shutting down the indexer. How do I shut down the indexer - Splunk enterprise installed on windows 2008 R2?  Is there anything else I need to backup before proceeding with installation?
0

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.