Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


I need to draft some sort of guideline to govern remote access by external vendors/parties.
Does anyone have any documents or links to share?

Off hand, I can think of:

a) for access to UAT/development servers, remote access with encryption (eg: ssh
    or RDP) needs to be video-recorded / screen logged for long-term vendors who have
    signed a Non-Disclosure Agreement with us.  UAT/Development may contain actual data

b) for access to Production, an authorized staff member needs to initiate/trigger the connection
     (eg: WebEx or Remote Assistance) & watch what's being done, with screen logging/
     video recording of the session

c) do we need access through a jump host? (I've heard of RDP jump hosts)

d) the external parties'/vendors' PCs need to be updated with the latest patches & AV
    signatures

e) every single staff member of the vendor needs to have an individual account (ie no account sharing)

f) under what circumstances do we need 2FA?
0

What are the ways to get RHEL patches?

1. Doing 'yum' to pull down directly from RHN support
2. My Unix admin told me he could download via TCP 443 all the RPM packages
    for RHEL 7 patches (to a development server in the DMZ) & then do 'yum'
    against these RPMs: is this true?
    Then he can scp/sftp these RPMs internally to the other RHEL servers (or share
    them out via NFS) to update the patches on the other servers.
3. Set up a Satellite server: there's a cost to this.  Are Satellite servers hosted in
     the DMZ as a practice?
4. Any other methods?

Which of the above are more secure?  We prefer not to let all servers directly
'yum' to RHN support due to security & bandwidth concerns.
0
Our audit requested that we do the above but, from our mobile applications team's
understanding, we usually scan the mobile application's website, not the device.

Is it essential, & what are the ways / tools people use to scan mobile apps running
on mobile phones & iPads (iOS specifically), or do people usually just do secure coding
on the apps and static code analysis (using Fortify etc) on the code only?
0
In our environment, "secure zone" refers to the internal zone which hosts the critical backend systems,
while the DMZ hosts the more 'exposed' systems.

We got an audit finding that supporting infra systems (like SCCM, WSUS, NTP, our internal Vulnerability
Assessment scanner) should not store authenticators (I assume this refers to credentials) of the
critical systems (critical financial systems that transact huge amounts of $) that are hosted in the
non-DMZ (ie secure) zone.

Q1:
Well, SCCM (which we use to deploy PC patches & collect info from them, & these PCs include PCs
used to make/process large payments) & WSUS (which deploys patches to all servers, including the
critical/sensitive servers) will need to have access to those critical systems to be able to deploy
patches.  Any idea if SCCM/WSUS store authenticators?  We place these systems in our DMZ;
should we place them in an isolated/more secure zone?

Q2:
I presume when SCCM/WSUS is compromised, hackers could access the critical PCs & servers
via these tools?  If so, what are the mitigations?

Q3:
We also have CyberArk, in which we lodge the admin IDs of critical servers.  If this CyberArk server
is hosted in the DMZ, what's the risk?  What are the mitigations?  The vendor who helped us set it up
suggested placing it in the DMZ (so that we could access it via the Internet to approve access requests):
is this risky & what are the best practices to mitigate?  I'm inclined to think these vendors are
seasoned in selling …
0
Hi Folks.
I have a situation where our Corporate Wifi (just a name) is what our staff use to log in and access our network (only with laptops). The Wifi has Single Sign-On enabled, so once they are logged in to their AD account they don't need to provide the credentials again on the same device. We have added a certificate as well for additional security.

Q 1- For users who do a password reset while hard wired into the network (Ethernet cable), there is a delay during which the wifi won't authenticate them. Is there a way we can reduce this time delay for password updates on our wireless network? (I would imagine it probably has something to do with the RADIUS server settings.)

Q 2- Some users just randomly lose connectivity to the wireless (the laptops are brand new; they connect to other wifi and work just fine, so it's not hardware related). And if they try to connect again they don't get authenticated. As a workaround we have tried rejoining the computer to the domain + renaming the computer to something else, and after that it comes back to normal.

Q3- And lastly, some users can't even connect for the first time. It just doesn't let them connect.

On the RADIUS server, we have a Network Policy set to authenticate using only 1 condition
- that the user trying to access CORP-WIFI is part of the CORP-WIFI security group in AD.

Any help would be appreciated.

Thanks
0
Hi,

I really need help and guidance on how to go about setting up a wifi hotspot at our cafe. We have regular customers who come every morning to have a cup of coffee and a little snack. Normally, customers come in, have their coffee for about 10 to 20 minutes and then go.

I would like to offer free Wifi to all my customers who come to my cafe for coffee for 10 or 20 minutes.

I should be able to print out a wifi voucher which they can use to access the internet on their mobile phones or laptops. But usually it'll be just a mobile phone. The internet will be restricted ONLY to checking emails online and/or Facebook - nothing else. It should not allow them to download software or torrents, since we don't have unlimited data from our ISP.

Remember that after 20 minutes the voucher should expire, and it can only work on one mobile phone.

Anyway, that is the plan and I hope I can get answers on how to proceed going forward.

Thank you and I look forward to comments.

Kindest,
Bakaka
0
What is best practice to restrict users from, for example, connecting to the corporate network with their own device?

All they have to do is put in their domain credentials and they get connected.

I would want something like: latest AV software and definitions, or a full scan in the last 30 days.

What is the best way to do this - can it be done through Dell SonicWall?
0
I'm running 64 bit Snort 2.9.9 on a Win 10 machine.  I call to test snort as the administrator with the following command line:

c:\snort\bin  snort -c c:\snort\etc\snort.conf c:\snort\log -T  which seems to run correctly until it looks for the interface.

I tried C:\snort\bin snort -W to return the interfaces but it doesn't show any.  It seems to be a 32 bit only switch.

It asks for an interface using the -i switch but I don't know which one it is.  I only have the one, and I have a good IP when I check IPCONFIG.
0
I have an MS Access application running on an RDP server (2012 R2).  One of the things I want to be able to do is to allow the users to click on the website link (in a record) and go to the contact's website, or see the address via the postcode.  However, I don't want them to be able to download anything or have too much access to other sites (so it should hide the address bar).

There is an ActiveX function in Access, but this is very limited.  Ideally, I'd like to use something like Chrome in kiosk mode, but before I start investing time in that area, I could really do with some guidance from you guys.
0
I've been tasked with setting up a bunch of Raspberry Pi 3s as honeypots around a huge network.  I would like to have these all report in to one server.  I saw the Modern Honeypot Network project but it's out of date.
I'd like some suggestions here.  Thanks!
0

www.virustotal.com
A cybersecurity trainer told his class of students (some are my colleagues)
that it's not a good idea to upload suspicious attachments (usually obtained
from suspicious/spam emails we received) as hackers would know that these
emails have successfully reached some valid email recipients or his attack
targets.  The trainer suggests that we get the hash value of the attachments
& scan those instead.

Pls assess if the above is valid, as I disagree with his views.

1. I've used VirusTotal but it only says how many scans have been done, so it
  could have been scanned by many parties.  Suppose the hackers only send
  to a few targets & truly could know which targets have received the malicious
  attachments; wouldn't the hackers also know if we scan using the hashes of
  the attachments (as a hash is unique to each file)?

2. Secondly, if VirusTotal truly could identify who has received the attachments
   & is scanning it at VirusTotal, I reckon hackers don't need to resort to this:
   various tools like mxtools.com, & even if someone downloads the images
   of spam emails, these are easier ways to track, right?

3. Lastly, is VirusTotal so vulnerable?  (By the number of previous scans that
    it reported, will it give hackers a good clue?)
0
I would like to implement a firewall rule and NAT policy (if needed) to only allow DNS queries to be resolved from the Domain Controller (YTEDC1) to our provider OpenDNS. All other DNS traffic to external sources from clients should be blocked.

Would I start with a LAN to WAN firewall rule allowing DNS (port 53) and then another deny rule for 'Any' clients?

If the Allow rule for the Domain Controller has a higher priority, then it should take precedence and work whilst all others are blocked?

Screen-Shot-2017-08-01-at-16.20.17.png
Screen-Shot-2017-08-01-at-16.20.41.png
0
Hi. Does anyone have any experience with EPP (we're looking at Cylance Protect and Bitdefender) and SIEM (EventTracker)? Is anyone using both or either and can offer thoughts or suggestions? Looking for the best protection against the ransomware plague and other infections.
We're an MS shop (Windows, Office, SQL etc.) and I know MS has ATA but I'm not sure if it's comparable to the above products.
0
I am using Securely as my web filter. I need one SSID to be completely unfiltered. I have set up all I need to do this, including ACLs, and on some devices it works, but on others I get google.com saying "Your connection is not private" and I can't get to google.com, although I can get to all other sites unfiltered. I have never encountered this and I would just like some kind of input if you have experienced this before. Thank you for all of your help in advance.
0
All of a sudden a user is getting an error when trying to connect to a workstation through a site-to-site VPN that says "An error has occurred". If the VPN is disconnected and the WAN IP address with the port is used, then RDP works just fine. The VPN is configured on a SonicWall TZ215 and TZ100. We can also RDP on the same LAN as the system without issue.
0
Hi Guys
I have a problem with Maximizer software: if the Everyone group does not have full permission to c:\windows\temp on the server, it will not work. I called Maximizer and they don't even know about this. They keep asking me to reinstall it.
So to fix my problem I just give Everyone full access to c:\windows\temp and we are good to go for some time, sometimes 3 months, other times one day only. The reason is that the Everyone group just disappears from there and I have to add it again.
Nobody other than me has access to the server, so I can confirm that there is no other admin or user changing this.
Any idea what's going on? Maximizer runs on Terminal Server 2012.
0
The product will come with its operating system only. For training, does Palo Alto offer a 30 day evaluation (like Microsoft) where, when it expires, you have to re-install it again?
0
I just had it happen *again*. /opt went to 100%, and management services croaked and wouldn't restart.
After rebooting the OS I was able to run acs-config and acsview replace-cleandb. This will make things
good for a few months. I only keep about three months of logging, and show acs-logs didn't appear to have
that much in it anyhow. How do I prevent /opt from filling up and stopping services?
0
Hi guys,

I need some input from you guys so that I can set up my DMZ lab. I have added a 2nd SME Mail Server in my DMZ, and I also have my Web Server there. In my internal network, I have my 1st SME Mail Server and AD/DNS.
I am using a pfSense firewall with 3 NICs. I did some port forwarding so that my WAN users can access my Web Server.

I am adding a 2nd SME Mail Server in the DMZ so that all mail from outside or the WAN will be forwarded to the DMZ.
Internal network users can send and receive email. I have no idea how to do this and I want to understand it.
Can anyone please help me?

Thank you so much

Novice
0

Hi,

I'm in the last year of my BSc degree in Computer Networks, and rather than finding a domain to choose from, I am searching for a proper title which would not be too wide open or too narrow for my research.

At 24 years old, I currently work as a CA administrator in an information security department, with previous experience administering SIEMs and password management systems.

The areas of interest for my thesis can be found below, and I would appreciate advice on how to make the proposal titles more straightforward.

1. The benefits of implementing honeypots in small developing companies
2. Use of CAs and digital certificates for a particular scenario? Using encryption for a particular scenario maybe?
3. Illustration of 3 different routing technologies implemented in a common network, with comparisons of their performance using different scenarios.
4. Illustration of an attack/malware/exploit of a vulnerability and the defence mechanisms available to mitigate the issue.

Also, please note I'm not very well versed in software development, just basic scripting knowledge. Any new topics not mentioned above are highly welcome. Thanks in advance for the feedback :)
0
Q1:
We are concerned about using the latest Chrome due to data loss/leakage
via the WhatsApp sidebar: does this feature enable file upload/downloading?

Q2:
Is there any way to remove/disable it, & how do we go about doing this?

Q3:
If it's a data loss risk & not possible to disable, which previous
version of Chrome doesn't have this sidebar?  I'm thinking of using
the older version & hopefully Google still releases patches for it.


I just thought that since WhatsApp on my Android allows us to attach
files, this feature in Chrome may allow the same.
0
Hi,

I have a Windows 2016 Hyper-V server box that came with two network cards. The first NIC is connected to the internal LAN (192.168.1.x) and the 2nd NIC is connected directly to the ISP Internet modem (therefore, it receives a dynamic public IP address given by the ISP DHCP server). On the 2nd NIC, I intend to create a virtual machine ("TESTVM") where I'd like to try to open some suspicious email attachments or click on website links (to find out whether they are malicious). I have installed Malwarebytes Anti-Exploit/Anti-Malware/Ransomware on this VM and it sends me email alerts whenever it detects "suspicious" activity.
I plan on connecting to this VM through the remote desktop connection program (port 3389, 3390 .. etc) using Dynamic DNS.
Having said that, I know a lot of experts would go against the idea of exposing the server to the public internet.

I know that I could put another router (192.168.2.x) between the 2nd NIC and the ISP internet modem to enhance security, but what I'd like to know is how vulnerable am I as it is?
How could hackers penetrate this server when the only account is "administrator" with a secure password?

Thank you for your insight.
0
I have a hacker who has compromised my network, devices and my life for over a year. I have found various devices connected to my laptop via Bluetooth, unknown devices on my wifi network, and have collected a bunch of networking logs and see things in there that shouldn't be there, I believe. It's a lot of information that I really don't know how to read and I don't know what information is important. So I'm looking to hire somebody to review the logs and information that I found and tell me what information should be looked at more closely, what information needs to be investigated further, etc.

Definitely willing to pay. Contact me privately if you have history in this area.
0
Hi,

I am working on a Tenable Nessus audit file for IBM AIX.

What I am trying to achieve is 2 compliance checks on the /etc/hosts.equiv file:

1. To find all UIDs less than 100 and not equal to the default system user ids (0,1,2,3,4,5)

2. To find all GIDs less than 100 and not equal to the default system group ids (0,1,2,3,4,5)

<custom_item>
type: CMD_EXEC
description: "UID less than 100 and not system default UID"
cmd: ""
expect: ""
</custom_item>

<custom_item>
type: CMD_EXEC
description: "GID less than 100 and not system default GID"
cmd: ""
expect: ""
</custom_item>

I am really new to working with Tenable and also new to AIX.

I would really appreciate it if anyone could help me out with what I should put for the cmd and expect statements to make the compliance check work.

Thanks, really appreciate it!

Link: https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm
0
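The two checks asked for above, as an added example that is not part of the post and not Tenable's or IBM's code. It assumes the entries to audit are passwd-format lines (numeric UID in field 3) and group-format lines (numeric GID in field 3), which is the file the post's link documents; the awk one-liner is what one would place as the `cmd` of a CMD_EXEC check, with `expect` compared against its output (the exact matching rules Tenable applies to `expect` are not confirmed here). The sample files are constructed for the demonstration; on a real host the same function is pointed at /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example: list accounts whose UID is below 100 but is not one of the
# default system ids 0-5, and the same for GIDs. Not from the post or Tenable.
# Assumption: the audited entries are passwd-format (field 3 = UID) and
# group-format (field 3 = GID) lines, so one awk program serves both checks.

# Constructed sample passwd-format lines (not from a real AIX host).
SAMPLE_PASSWD='root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
svcacct:!:42:42::/home/svcacct:/usr/bin/ksh
appuser:!:205:200::/home/appuser:/usr/bin/ksh
legacy:!:99:1::/home/legacy:/usr/bin/ksh'

# Constructed sample group-format lines (not from a real AIX host).
SAMPLE_GROUP='system:!:0:root
staff:!:1:
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
uucp:!:5:uucp
svcgrp:!:42:svcacct
appgrp:!:200:appuser'

# low_ids FILE: print "name:id" for every line whose third field is numeric,
# below 100 and not in 0-5. The numeric guard skips malformed lines instead
# of letting awk compare a non-number as 0 and report it as a system id.
low_ids() {
  awk -F: '$3 ~ /^[0-9]+$/ && $3 < 100 && $3 > 5 { print $1 ":" $3 }' "$1"
}

# Run the check over the constructed samples so the behaviour can be seen
# without touching the host's real files; each helper returns the listing.
check_sample_uids() {
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_PASSWD" > "$f"
  low_ids "$f"
  rm -f "$f"
}
check_sample_gids() {
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_GROUP" > "$f"
  low_ids "$f"
  rm -f "$f"
}

# On a live host the same function is run as:  low_ids /etc/passwd  and
# low_ids /etc/group.  A compliant host prints nothing; every line printed
# is an account or group below 100 that is not a default system id and
# therefore needs review.
check_sample_uids
check_sample_gids
```

Against the samples the UID check prints svcacct:42 and legacy:99 (appuser is above 100 and the ids 0-5 are excluded), and the GID check prints svcgrp:42. Because the awk program emits nothing on a compliant host, the simplest way to read the result is "any output at all is a finding", which is also how the check reads when its output is compared against an empty expected value.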
We need to have a standalone IPS solution put in.  We currently run two pfSense firewalls in an HA setup.  I was looking around on eBay and saw a TippingPoint 210E (two of them).  Are they still good with updates to definitions?  Any other less costly recommendations?
pfSense HA works a little oddly too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with the internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0