Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


I have multiple VLANs: one for servers, one for workstations, and so on. Towards the end of the year users started NOT being able to load PDF files off a server on the server VLAN (user on the workstation VLAN). The way users access the file is by way of an icon in their core application (financial core system) that allows them to search for a variety of documents. The user is able to reach the portal by the method just mentioned, and if they are looking for a PDF, they get a message (not always) saying that the file is corrupted or unable to load.

If I log onto the server and attempt to load files (PDFs), no issue. Not to bore you with a long story, the last test I conducted was to move a workstation to the server VLAN. Boom, things are working again. I had a vendor we work with check our network, but nothing was found to be blocking anything as far as they can tell. This server is running SQL and IIS, and another test I conducted was to place a PDF in the www folder to attempt to access the PDF that way; it works on the 2nd try. On the first try I close the browser and re-open it, go to the PDF using http:\\serverIP\PDFname and boom, it loads, no problem. Only after the 2nd attempt. If anyone has any ideas of what I could do to resolve this issue, it would be greatly appreciated. Thanks all!

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

A colleague said we can enable Netflow (to send its Netflow data to the SIEM) on Cisco Layer 2 switches,
but the link below seems to say otherwise:
https://support.solarwinds.com/Success_Center/Netflow_Traffic_Analyzer_(NTA)/Knowledgebase_Articles/Enable_Netflow_on_Cisco_VLAN_interfaces_to_show_layer_2_and_3_traffic

So which is correct, and do we just need to have a VLAN present on the L2 switches?


A security requirement pops up requiring Netflow to be monitored centrally and
to review "information flow": guess we can say that if we're monitoring it
centrally, we're reviewing it.

The regulator recommended turning on Netflow: guess this was obtained from
CIS' Critical Security Controls V6.1 for effective Cyber defense, item 12.9:
 Deploy NetFlow collection and analysis to DMZ network flows to detect anomalous activity

However, my network colleague's understanding is that Netflow can only be turned on for
Layer 3 interfaces.

Q1:
Is this true, or can L2 Cisco switches also enable Netflow? If so, can you share a link on
how this is done?

Q2:
One pair of routers belongs to the Telco (not ours), which is beyond our jurisdiction, so we're
leaving this out.
However, can the Gaia firewall enable a Netflow equivalent (aka Source Data, Flow Cache)?
The links below seem to indicate so, or did I read it wrongly?
Seems like Gaia has it:
  https://www.cpug.org/forums/showthread.php/21480-Checkpoint-and-Netflow-collector  :

“can configure Gaia OS as an Exporter of NetFlow records for all the traffic that is accelerated by SecureXL (SecureXL must be enabled for NetFlow to operate properly) …“

To enable SecureXL:
  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
[Expert@HostName]# fwaccel on

Q3:
The Juniper firewall has JFlow, but we plan to tech refresh our Gaia to Fortinet: does Forti
have an equivalent of Netflow?

I'd like some design input regarding how best to peel off (and secure) traffic from a carrier network interface device (NID) providing both Internet and MPLS connectivity over a single pipe.

The carrier is providing a single circuit carrying both Internet and private data (MPLS backend) via different VLAN tags (let's say Internet=X, MPLS=Y) to a carrier-managed NID. There will be a pair of firewalls to handle the Internet traffic, so a pair of switches will be in front of them. Here's an overall simplified version of the scenario:

Single circuit providing Internet and MPLS
We’ll obviously extend VLAN X from the switches to the firewalls, but I’m trying to determine the best way to handle the VLAN Y private traffic. I’ve recently seen a design where the customer had this external switch with a separate couple of connections for the private VLAN directly to the core environment (so, bypassing the firewalls). Obviously, this is not wise, as these switches have a public IP, and a compromise of them would provide access to the core directly.

So, the two options would seem to be 1) also trunk the data VLAN (Y) over the same connection to the firewalls, and then use them somehow to provide a layer of security/abstraction from the outside world, or 2) implement another layer of something off of these switches to do the same.

How are others handling enterprise Internet/WAN when these services are delivered over a single circuit?

I’m not afraid of reading, so reference links/resources would …
I have a firewall that blocks some IPs from accessing the Internet, and that works fine. When a user comes in from the VPN they are able to access any devices except the devices that are being blocked from Internet access. I would like help troubleshooting or creating a policy that will keep the network devices from accessing the Internet, but when a user logs into the VPN they are able to access the devices.

Hello,

I am looking at a security report which shows a LAN server is communicating with an external IP, 37.48.82.67, and the traffic is unusual.

I have run an AV scan on the server and found no threat. I do not see any unusual Windows services running on the server.

What else should I check?

Please advise.

Many thanks.

How to setup a new RADIUS Server for Wireless Authentication?

I have never set up a RADIUS server before. In the past, for wireless or Citrix or any form of authentication we just had to configure:

- LDAP Server IP address (Active Directory Server IP address).
- User account with administrator access that could authenticate to the AD server.
- Worked with a vendor (like Citrix) that had accomplished this before.

Now, I am working in a new environment where my project is to migrate to the new Aruba Wireless System from an E.O.L. wireless system. We have an older HP MSM700 series wireless system used in production and the Aruba is in my test lab.

We require a RADIUS server for employee authentication to our corporate wireless network. I have found a few web sites, but I want to know how I can verify if the new RADIUS server (Network Policy Server) has all of the requirements.

The production Wireless Controller (older) is set up to use EAP authentication and it is configured to use a local certificate that was provided to us by DigiCert (THAWTE - CA). That certificate is labelled to be used to authenticate to the peer. We attempted to use the currently used RADIUS server; but, after the new Aruba clients were added, the RADIUS server stopped working; hence, it was decided to create a new RADIUS server for the new wireless system so that it should not affect the users in the production environment.

The new RADIUS server is set up as follows:

1.  Network…

I'm looking for someone to help setup a new watchguard T15 and a BOVPN to an existing XTM25.  I know enough to be dangerous (maybe even that much).

I'd envision having the person on the phone / remoted into my PC, which would be on the LAN side of the T15, and I'd have a TeamViewer connection to a PC on the LAN side of the XTM25 to set up the VPN (you are probably saying there are better ways to do the setup, but that's an indication of what I do and don't know).

Hello all,

Does anyone know of a way to bypass OpenVPN's ifconfig-push server setting from the client side? Basically, overriding the IP the server wants to set.

... or can you link to documentation that clearly states it cannot be done, or the piece of code on the server side that implements said impossibility?

Context: the OpenVPN server pushes IPs using ifconfig-push in client scripts triggered based on the certificate used. I want to either make sure the clients cannot spoof one another or demonstrate that they can.

Thanks for sharing.

Dear Experts, based on your experience, what are the important parameters you would focus on for defending against DDoS attacks when choosing a firewall model?
Many thanks!

Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and exploring the core foundations for app libraries.

How to enable EAP-TLS for Network Policy Server. Checklist...
Hello,

Have a smaller client that has been using a Cyberoam CR15ing for quite a while with a Google Fiber connection and a LAN of about 15 endpoints. They recently moved, but the ISP is still Google Fiber. They had to leave the GF box, but we configured the new one identical to the original. So the only difference should be the public / external IP of the GF box, which is set with the CR15ing as the "DMZ" (all traffic passed through to this device). This is the bridge-mode setting for the GF box, but the Cyberoam still gets an internal IP on its WAN side. Not sure any of this matters, as the exact same config worked for years at the previous location with the same ISP, same hardware, etc.

At the new location, the internet connection and outbound traffic seem fine, but the inbound is not working right. Some traffic is getting through, but it seems selective. The FTP virtual host / port-forward is not allowing an external connection, but I cannot figure out why.

The firewall logs are not showing anything hitting port 21.

Also, we keep getting a flood of Local ACL denied events in the firewall log.

See screens below. Please advise if you have any ideas.

rules
logs
Hi guys,

Recently, one of our client's networks seemed to be attacked by a virus, leaving one computer acting funny. Hmmmmmm!!!

The virus seemed to be a trojan/malicious one that I am suspecting might somehow have caused one computer to shut down.

I have disconnected the internet from this computer. And I am about to run a scan on the computer and network to check for any virus/malicious spyware/malware that could probably be the culprit.

I use Malwarebytes and ESET NOD32 Antivirus to run on the PC and do its scan.

After that (once all scans are complete), I check to make sure that they have an antivirus.

Before I do this, can someone recommend tools to use to scan the network and computer for malware/viruses other than the ones I have mentioned above? Also, steps on how they would proceed?

I would appreciate some guidelines and attention on how to address this matter.

Awaiting further advice.

Thanks.

Dear Experts, I got this issue with a Dell SonicWall:

----------------------------------------------------------------
~~ SonicWALL Email Security Alert (9.0.5.2079) ~~
----------------------------------------------------------------

[Summary: A flood has been noticed in outbound traffic from
        user ID (mallikarjun.k@xxxxxx)]

Details: 
    Host Name: gw.xxxxxx.com
    Description: Number of messages sent from email ID
        (mallikarjun.k@xxxxxxx) in the scheduled
        interval  has exceeded the flood protection
        threshold.

Time Stamp: 
    Local Time: Mon Oct 22 13:00:01 2018
    GMT:        Mon Oct 22 06:00:01 2018

Additional Information: 
    Recommended Action: User's machine may have been affected.
        Please check for zombies.
    Alert Configuration Page: https://gw.xxxxxx.com:443/virus_config.html?bound=1&hopto=virus_config.html%3Fbound%3D1
    General Alert Settings: https://gw.xxxxxx.com:443/settings_monitoring.html?hopto=settings_monitoring.html



The mail server is Exchange 2016 on Win 2012R2, AV is Kaspersky.

We tried:
- Disable this email account
- Reinstall app, format all devices of users which installed email
- Create a rule in Transport settings in ECP to block email from this account

BUT we still receive this notification every 15 minutes from the SonicWall. Can you please suggest?

Hi,

I need to make my FortiWiFi-80CM a wireless client to connect to my iPad personal hotspot so that my internal network is able to connect to the internet.

Can't settle the wireless client; screenshot:
forit2.jpg

Error:
forit1.jpg

Tks.

Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature.  The error is: This program is blocked by group policy.  For more info, contact your system adminstrator"

I am the system administrator. There is no GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restrictions
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security policy and local group policy; there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot SecureAnywhere thinking that might be the problem; no change.

How do I find an unauthorized connection in a Samba domain?
I have a Samba 4.x domain on Ubuntu 16.04. Is there software for intrusion detection?

We have deployed the on-premises MFA server in the customer's RDS environment.
The two-factor authentication is working perfectly when logging in to the MFA user portal or using the RDP icon downloaded from the RDWeb site. But Mac users and Windows 10 users with the new Remote Desktop app are prompted twice for two-factor. I suppose it’s because it connects to the RD Gateway in a different way than mstsc does.
I have tried to activate caching rules in the Azure portal. But I’m not sure if this will have any effect since we have installed the MFA server locally. Anyway, this has no effect on the issue.
We first tested with Duo two-factor, and also with this software users on Mac and the Windows 10 app were prompted twice for the two-factor.
Please advise.

I am installing the WatchGuard SSL VPN software, which uses the OpenVPN software and has a TAP network driver, but I can't install it unattended. Does anybody know how to install OpenVPN unattended, including the TAP-Windows adapter?

Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Hi, the Cisco switch has one command "switchport port-security mac-addrss xxx.xxx.xxx vlan access". My question is: what is the difference between with "vlan access" and without "vlan access"? And it mentions "vlan: set VLAN ID of the VLAN on which this address can be learned"; does that mean the MAC address can be learned from this VLAN anywhere? Thanks

I have a user who is using the Watchguard VPN client software. They have been using it on Windows 10 Pro (v 1709) for 6 months without issue. The UAC prompt suddenly started appearing this morning when they try to run the software. No updates for Windows or the software have been installed. I have 60 other users that are using it without this problem also. I am at a loss as to why this would suddenly start needing elevated privileges to run. Does anyone know why this would happen or how to fix it? I am not going to disable user account control or give them admin rights.
Dear Experts,
We have hosted the SugarCRM application on premise, and for external users we have configured the firewall, a FortiGate 60C hardware appliance, to function as an SSL web VPN where the users log in to the firewall appliance portal and from there access the CRM application. They are able to log in to the CRM through the web VPN portal, but the dashboard reports are not showing up; it shows a blank dashboard. But when we access the CRM application directly we are able to see the dashboard reports. Please help me understand where things are going wrong and how to fix it.

I had this question after viewing Watchguard Firewall xFlow Configuration.
Hi, I'm looking for some advice on Cisco switch security. I have a switch which I require to sit in front of my firewall on the WAN side. I would like to be able to manage this switch via SSH, and it has a separate management port. If I create a flat VLAN with no IP address for all normal switch ports and assign an IP address only to the management port and attach this to my internal LAN (bypassing my firewall), would this be secure? Is there a better way to provide management to a switch exposed to the internet while maintaining security?

Customer has a WatchGuard T10 Firebox firewall for a POS system. The POS server connects directly to the trusted network port; no other computers connect to that network.

Customer wants to set up an access point for Wi-Fi. The WatchGuard has a 3rd port. I want to activate it as a second network and allow wireless devices to access the internet.

The WatchGuard firewall does not have built-in Wi-Fi. We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant; there are no office PCs or network printers.

Need suggestions on policies. The device has content filter subscriptions, and I want to enforce them on the 3rd port too if possible.
