
Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Hi,
We have set up an internal VLAN on our WatchGuard for guest wifi access. The VLAN works as expected and anyone who joins gets the expected IP address and can browse the internet with no problems. What we can't get it to do is work correctly with Outlook Web Access. For some reason whenever I try the OWA address I get redirected to the WatchGuard SSL login page. If I try on any other external connection it works fine. I have tried an nslookup on the new guest wifi and our other external connections and they all point to the correct external address, i.e. if I am connected to one external wifi and try to access the URL xxxxxx/exchange it works fine and an nslookup points to the correct external address. If I try to access xxxx I get presented with the IIS page. If I try the same when connecting via the guest wifi, the nslookup shows the same external IP address; however, if I try to go to xxxx/exchange I get a 404 page not found error and if I browse to xxxx I get the WatchGuard SSL login page.

What am I missing?

Cheers,
Paul
0

I'm looking at Votiro, Proofpoint & Israel email security products
to reduce spam, emails from bad reputation IP, emails with
malicious attachments & URL.

What are the features/criteria to assess or look out for?

Esp if I'm on O365.

a) can link to SpamHaus, RBL etc to get bad reputation IP?
b) offers CDR, sandboxing?
c) can claw back malicious emails from users' mailbox once
    Sandboxing completed analysis that an email or attachment
    is malicious (Proofpoint has one such product)
d) can withstand email blasting (eg: 80000/minute)
e) in the event the device has an issue, the ease / turnaround
    time to disable it (without changing MX record)
f) allows us to specify IOCs (bad reputation IP obtained from
    threat intelligence or specific payload's hash)
g) the ability to integrate with DLP products : is this supposed
    to be a function of O365 Exchange Online or the filter
    device (as usually such device will be registered in MX):
    I recall Proofpoint used to be able to integrate with a
    network DLP Codegreen or am I mistaken?
h) ... help add on ...
0
How to enable EAP-TLS for Network Policy Server. Checklist...
0
Hi,

I have a pfSense router at my location and there has been some malicious activity coming from a device on my network.  Our ISP has notified us that they think that it's a problem with port 23 and if I block it that should fix the problem.  I've blocked port 23 outbound and inbound on all of the interfaces.  The complaint to our ISP gave a reference to BitNinja to check on the malicious requests sent from our network.  Here's a copy of the last request:

{
    "PORT HIT": "98.#.#.#:21349->185.#.#.164:8899",
    "MESSAGES": "Array
            (
                [01:36:54] => REMOTE HI_SRDK_DEV_GetHddInfo MCTP/1.0
            CSeq:57
            Accept:text/HDP
            Content-Type:text/HDP
            Func-Version:0x10
            Content-Length:15
            
            Segment-Num:0
            
            )
            "
}

I see that on 11/2/18, the malicious activity was on port 23.  Now, today I see that it's going on port 5680.  And the latest request was 8899.  

I don't know what device is doing this.  I've scanned the network and don't see any unknown devices on the network.  Here's something strange that happened.  There was a car in our parking lot with dark tinted windows and ghetto rims.  He was always gone when I came by the office.  I was talking to someone in the office and they said that that strange car was back.  I asked if they saw the driver.  She said that he was sitting in the back seat.  I remoted onto a computer in the office and scanned the network.  An IP address showed up that shouldn't be there.  I pinged it but it didn't respond.  …
0
Hello,

Have a smaller client that has been using a Cyberoam CR15ing for quite a while with a Google Fiber connection and a LAN of about 15 endpoints. They recently moved, but the ISP is still Google Fiber. They had to leave the GF box, but we configured the new one identical to the original. So the only difference should be the public / external IP of the GF box - which is set with the CR15ing as the "DMZ" (all traffic passed through to this device). This is the bridge-mode setting for the GF box, but the Cyberoam still gets an internal IP on its WAN side. Not sure any of this matters, as the exact same config worked for years at the previous location with same ISP, same hardware, etc.

At the new location, the internet connection and outbound traffic seem fine, but the inbound is not working right. Some traffic is getting through, but it seems selective. The FTP virtual host / port-forward is not allowing an external connection, but I cannot figure out why.

The firewall logs are not showing anything hitting port 21.

Also, we keep getting a flood of Local ACL denied events in the firewall log.

See screens below. Please advise if you have any ideas.

rules
logs
0
Hi,

We use Mitel 5212 IP Phones. We are trying to get them to work on a custom VLAN set up on a WatchGuard M500 firewall. We have created the custom VLAN and the IP scope, which works fine. I have mimicked the DHCP options from our Windows-based DHCP server, however this didn't work. On the Windows-based DHCP server the options are:

128 Mitel TFTP xxxx.xxxx.xxxx.xxxx
129 Mitel RTC xxxx.xxxx.xxxx.xxxx
130 Mitel IP Phone Identifier MITEL IP PHONE
132 VLAN for Mitel IP Phone 0x3
133 priority for Mitel IP Phone 0x6

On the firewall DHCP scope options (all custom):
Code  Name                         Type  Value
128   Mitel TFTP                   IP    xxxxxx
129   Mitel RTC                    IP    xxxxxx
130   Mitel IP Phone Identifier    Text  MITEL IP PHONE
132   VLAN for Mitel IP Phone      Hex   3
133   Priority for Mitel IP phone  Hex   6

When the phone eventually boots it gets a crazy VLAN ID. Any clues as to what I am missing, or a how-to guide on getting the IP phones to work?

Cheers,
Paul
0
Hi guys,

Recently, one of our client's networks seemed to be attacked by a virus, leaving one computer acting funny. Hmmmmmm!!!

The virus seemed to be a trojan/malicious one that I suspect might somehow have caused one computer to shut down.

I have disconnected the internet from this computer. And I am about to run a scan on the computer and network to check for any virus/malicious spyware/malware that could probably be the culprit.

I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do the scan.

After that (once the scans are all complete) I check to make sure that they have an antivirus.

Before I do this, can someone recommend a tool to use to scan the network and computer for malware/viruses other than the ones I have mentioned above? Also, steps on how they would proceed?

I would appreciate some guidelines and attention on how to address this matter.

I await further advice.

Thanks.
0
Dear Experts, I got this issue with Dell Sonicwall:

----------------------------------------------------------------
~~ SonicWALL Email Security Alert (9.0.5.2079) ~~
----------------------------------------------------------------

[Summary: A flood has been noticed in outbound traffic from
        user ID (mallikarjun.k@xxxxxx)]

Details: 
    Host Name: gw.xxxxxx.com
    Description: Number of messages sent from email ID
        (mallikarjun.k@xxxxxxx) in the scheduled
        interval  has exceeded the flood protection
        threshold.

Time Stamp: 
    Local Time: Mon Oct 22 13:00:01 2018
    GMT:        Mon Oct 22 06:00:01 2018

Additional Information: 
    Recommended Action: User's machine may have been affected.
        Please check for zombies.
    Alert Configuration Page: https://gw.xxxxxx.com:443/virus_config.html?bound=1&hopto=virus_config.html%3Fbound%3D1
    General Alert Settings: https://gw.xxxxxx.com:443/settings_monitoring.html?hopto=settings_monitoring.html


The mail server is Exchange 2016 on Win 2012R2, AV is Kaspersky.

We tried:
- Disable this email account
- Reinstall app, format all devices of users which installed email
- Create a rule in Transport settings in ECP to block email from this account

BUT we still receive this notification each 15 mins from the Sonicwall. Can you please suggest?
0
hi,

I need to make my FortiWiFi-80CM a wireless client that connects to my iPad Personal Hotspot so that my internal network is able to connect to the internet.

can't settle wireless client screenshot
forit2.jpg

Error
forit1.jpg

Tks.
0
What free options are available to scan/search unstructured data (file shares and exchange mailstores) for sensitive data like PHI or PCI data?
1

Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature.  The error is: This program is blocked by group policy.  For more info, contact your system adminstrator"

I am the system administrator.  There is not a GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security and local group policy - there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot Secure Anywhere thinking that might be the problem - no change
0
How to find an unauthorized connection  in samba domain?
I have a samba 4.X domain on ubuntu 16.04. Is there software for Intrusion detection?
0
We have deployed On-premises MFA server in the customer RDS environment.
The two factor is working perfectly when logging in to the MFA user portal or using the RDP icon downloaded from the rdweb site. But Mac users and Windows 10 users with the new Remote Desktop app are prompted twice for two factor. I suppose it's because it connects to the RD Gateway in a different way than mstsc does.
I have tried to activate caching rules in the Azure portal. But I'm not sure if this will have any effect since we have installed the MFA server locally. Anyway, this has no effect on the issue.
We first tested with Duo two factor, and also with this software users on the Mac and Windows 10 app were prompted twice for the two factor.
Please advise.
0
I am installing WatchGuard SSL VPN software which uses OpenVPN software and has a TAP network driver, but I can't install it unattended. Does anybody know how to install OpenVPN unattended, including the TAP-Windows adapter?
0
Hi, a Cisco switch has the command "switchport port-security mac-address xxx.xxx.xxx vlan access". My question is: what is the difference between with vlan access and without vlan access? And it mentions " vlan  set VLAN ID of the VLAN on which this address can be learned", does that mean the MAC address can be learned from this VLAN anywhere? Thanks
0
I have a user who is using the Watchguard VPN client software. They have been using it on Windows 10 Pro (v 1709) for 6 months without issue. The UAC prompt suddenly started appearing this morning when they try to run the software. No updates for Windows or the software have been installed. I have 60 other users that are using it without this problem also. I am at a loss as to why this would suddenly start needing elevated privileges to run. Does anyone know why this would happen or how to fix it? I am not going to disable user account control or give them admin rights.
0
I have a customer who is wanting to ensure his staff can't take any data with them.  We can lock down USB devices (Thumb drives, Hard Drives, etc), but he's now concerned about them accessing things on the server and getting them off by using web mail clients (Yahoo, Gmail, Hotmail, AOL, etc) or file sharing sites (Dropbox, OneDrive, etc).  Short of blocking access to these sites (which would be a pain), is there any way to restrict their ability to steal his work?  And, if so, how difficult AND expensive would it be?

Failing that, is there some way of recording access so we can tell that John Doe accessed these 275 files today, and he was only supposed to be accessing 100 of them?

We're in a workgroup environment at the moment, switching to a Server 2016 AD domain.  All users are local admins on their workstations (Windows 7 and Windows 10).  A lot of the people in question will likely have to REMAIN local admins due to their software (AutoCAD, Quickbooks).

Please feel free to ask any questions for me to elaborate.
0
Dear Experts
We have hosted the SugarCRM application on premise, and for external users we have configured a firewall, a FortiGate 60C hardware appliance, to function as an SSL web VPN where the users log in to the firewall appliance portal and from there access the CRM application. They are able to log in to the CRM through the web VPN portal, but the dashboard reports are not showing up; it shows a blank dashboard. When we access the CRM application directly we are able to see the dashboard reports. Please help me understand where things are going wrong and how to fix it.
0
I had this question after viewing Watchguard Firewall xFlow Configuration.
0

Hi, I'm looking for some advice on Cisco switch security. I have a switch which I require to sit in front of my firewall on the WAN side. I would like to be able to manage this switch via SSH, and it has a separate management port. If I create a flat VLAN with no IP address for all normal switch ports, assign an IP address only to the management port, and attach this to my internal LAN (bypassing my firewall), would this be secure? Is there a better way to provide management to a switch exposed to the internet while maintaining security?
0
Customer has a WatchGuard T10 Firebox firewall for a POS system.  The POS server connects directly to the trusted network port. No other computers connect to that network.

Customer wants to set up an access point for wifi.  The WatchGuard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.

The WatchGuard firewall does not have built-in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant; there are no office PCs or network printers.

Need suggestions on policies; the device has content filter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
I have a computer on our domain that is sharing a folder and a printer.  Just within the past couple days, access to any shares on this computer has stopped.  I have double checked the shares are still active.  I can get to the shares from that computer itself via unc.  No other machine can access the shares though and remote desktop connection is not working either.  I also rejoined the machine to the domain and turned the firewall off.  Any other suggestions?
0
I have recently joined a company where a Juniper SRX 3400 was already bought but not installed.   Now I want to implement it in HA mode as a replacement for a SonicWALL 4400.  Please help me, step by step, to implement this. For your information, I am very new to Juniper, so I need detailed knowledge of it.

Waiting for the good answer.
0
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the full 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
