Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

My fiancée's mother exchanged her laptop for a pawn loan 3 months ago and she bought it back today. The laptop had no password on it. Just turn on the power and your in. Now she is staying with us for a bit and wants our WiFi password so she can connect to the internet with it.

The problem is I am very worried about her laptop compromising the security/safety of my family and their devices. (I.e., In 10 seconds couldn't the pawn owner turn it on and install spyware that could spread to everyone's devices connected too it?!)

I Just wanted to get some feedback from professionals out there on what you would do in my scenario, what are some worst case scenarios and how likely are they too occur? Would you let her login too your WIFI? (Part of me wants to just burn it and buy her a new one)
Expert Spotlight: Joe Anderson (DatabaseMX)
LVL 13
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Hi All,

We use WatchGuard as our firewall and have Dimensions setup for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer either ftp, or web/app based such as dropbox etc?

Can this be done / how best to view this info or set this up?

Dear Gurus,

Could you please advise difference between ADC ( like F5 , A10 etc ) and WAF ( Imperva , Fortinet ) , its main features, and where it will be placed in a topology ( such as DMZ ,SErver Farm , Core Switch etc )

I have (2) Watchguard M270's configured in a firecluster.

Interface 0 is the External interface configured with a /28 block.
Interface 1 is the LAN

We have consumed all of our IP's so I ordered another /28 block from our datacenter today. As soon as I configure Interface 2 for our new IP block, outbound traffic for the most part ceases to work on our network, however some things do work.. so we'll call it intermittent. As an example, I can ping out to but can't ping As soon as I disable Interface 2 that is configured for the new IP block, I am able to ping again.

I'm assuming this is because we now have 2 WAN interfaces configured and outbound traffic doesn't know which interface it should be sending traffic out on but I couldn't be sure. I've made 4 calls to Watchguard support and nobody can identify the problem. I even had our datacenter issue us a different IP block just to rule out any kind of odd conflict but the problem persists with a new IP block.

Am I going about this all wrong trying to have 2 IP block's configured on our Watchguard? Is the better solution to just order a bigger block of IP's and re-IP everything? I was trying to avoid that hassle by just adding an additional block of IP addresses but it seems that what I'm trying to do here isn't working..

I would appreciate any advice or input that someone could give on this. Thank you!!
We are using EAP-TLS on our Microsoft NPS 2012 R2 server. Everything was working fine then I had to update PKI from SHA1 to SHA2, pki is healthy and certs have been distributed domain wide. For some reason I cant get the wireless EAP-TLS policy to work.

"NPS2","IAS",09/27/2019,08:30:59,3,,"DOMAIN\USER",,,,,,,,0,"IP","WLCA",,,,,,,5,,8,"311 1 IP 09/26/2019 20:43:48 8644",,,,,,,,,"5d8e00a3/MAC/759603",,,,,,,,,,,,,,,,,,,,,,,,,"Secure Wireless Connections",1,,,,

My site has not stopped planting for a while.
I was advised to check my logs and I see that there is this IP 150.918 times in my logs from 00:00:07am to 12:36:01am

what do you advise me to do?

I added this Deny from to my .htaccess but ip continues to show...

Thank you for your advice,
Two separate businesses using the same domain name have now merged into one.
This is the first time I've ran into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers. Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC, However 2012 doesn't see 2008 as a DC. They are now on different networks, but recently was configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."

What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove 2012 DC from 2008 to stop attemping replication and at the same time continue to operate both under the same domain names, but seperate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
hi any document or link where explain which security policies apply or create documentation of security policies
Dear Experts

Can you please help with list of common security incidents , require this to prepare document for ISO 27001.thanks in advance.
I have a huge number of messages in my VPN router LAN access from remote. And I do not know where are they coming from. No email server is setup, it does not seems to have any games on it. the only thin I have created a port for RDP  and forward that port so I can access the server from ouitside

Please advice
Microsoft Azure 2017
LVL 13
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Hi Experts,

what is difference b/w source-nat and destination-nat? i believe source nat is just hiding your internal IP behind the public IP address, and destination NAt we use in mainframe system or headless devices that do not have a default gateway. this concept driving me bananas. i really appreciate your clear answer.
i have traffic coming from outside world to watchguard  firewall to citrix netscaler which goes to internal  asa firewall  and then to internal network.

our citrix netscaler also has the  same certificate for ( service communication certificate)  which is being hosted on our internal ADfs server ( windows server R2)

we dont have ADFS proxy server as of now

recently we had password spray attack on our internal ADFS server

and we could not determine source IP on our internal ADFS server

i wanted to know following:

1) i read in articles  that windows server 2012 r2 has extranet lock out feature and adfs 2016 server also has extranet lock out feature so is there any difference between the 2 as far as
protection from password spray attack is concerned.

im the scenario i explained regarding traffic coming from outside to watchguard firewall - netscaler- asa firewall, where should i place WAP server and how it can help in mitigating password spray attack

are there any good tutorials for upgrading windows server 2012 to 2016 adfs server and how proxy adfs should be configured

we have mailboxes in 365 and ad accounts are synced through aad sync to azure AD.

i came to know from Microsoft that messages are being redirected from office 365 to internal ADFS sever and it is not authenticating , so what other steps i should take

to protect from spray attack just proxy ADFS server is sufficient or some conditional policy should be applied …
I have just run a new vulnerabilty scan and one of the clients has come back with an Xserver warning that it accepts connections  from any client.  I know what xserver is and the risk it poses.  My question is, how do I configure it/restrict connections?
Dear Experts, we are configuring a new network of new office in next week and have some questions about security:

- How to prevent "rogue" DHCP servers in network?
- How to prevent "rogue" Wireless Access Point in the network? For example: my office's wifi network is "" => we'd like to prevent the other SSID "" from users' APs?
- Can we prevent ransonware in some network levels?

Our infrastructure is:
- 2 x Firewall Sophos XG310
- 2 x Core switch Cisco 3850 (will be DHCP servers for 20 VLANs)
- 30 x Access switch Cisco SG220 and SG350
- 30 x Wireless Access point Unify AC AP PRO
Network team lead argued that audit finding for following Cisco item
is not valid:
>aaa accounting commands 0 default start-stop group XX_TAC
 which Audit recommends (as per CIS benchmark) should be:
>aaa accounting commands 15 default start-stop group XX_TAc

Network team lead argued that 0 is equally or more secure
than 15.

I'm no network engr, so anyone care to comment?  Any
other authoritative sources (beside CIS) will be helpful
just had two sites fail pci compliance tests with certificate errors on sonicwall tz180.  trustwave does the scans and this is what they said: The server should be configured to disable the use of the deprecated SSLv2, SSLv3, and TLSv1.0 protocols. The server should instead use stronger protocols such as TLSv1.1 and/or TLSv1.2. For services that already support TLSv1.1 or TLSv1.2, simply disabling the use of the SSLv2, SSLv3, and TLSv1.0 protocols on this service is sufficient.
i have no idea how to do what they said.  any help is really appreciated.  thanks

We're considering moving to a co-working space and I had a conversation about network security with the person that manages the network.

We were discussing different options and he made a statement that seemed odd to me.  I had asked about MAC spoofing as a potential way to circumvent a solution he had proposed (can't remember exactly what it was but I don't think it matters).  His response was something like ", our routers are able to detect MAC spoofing."  They are using a Meraki MX-84.

When I asked him how the router was able to detect MAC spoofing, he wasn't able to answer.  I know that doesn't mean the router isn't capable of it, but it piqued my interest enough to post here and see what you all had to say.

Is this something that the router is able to detect?  If so, what is the mechanism it uses to identify it (i.e., how the heck does it know)? :D  

Thanks in advance for any help.
We have a SonicWall 2650 with Content Filtering enabled to restrict website activity for those on the physical network and those on VPN. We are having problems with folks using their company devices to go to non-authorized sites when they are not on VPN or on the physical network. They are using a company-issued wireless device or their home ISP to gain internet access. It would be great if we can somehow force all of their traffic to go to our SonicWall for filtering without having to create a VPN connection (tends to slow things down on these machines).  Perhaps a proxy server (but only for external users since our internal users are already protected by the SonicWall?  Would it be best to install a third party product to block site access (would have to work on all possible browsers)? Maybe something else? Looking forward to your suggestions.

I would like to use Piehole (or another add blocking/security enabling feature) for my home network.
My Synology NAS supports Docker, so I stumbled upon this article:
Not going to buy a Pie, my Synology is good enough and dont want extra hardware to buy/maintain/configure anyway.
I like the idea of Docker/containers since I do think it is the future, I have no Docker experience whatsoever for now. My questions:
-is Piehole the right protection tool to use or are there better (Docker) solutions?
-if I follow the procedure described, what to do then, just point my dhcp dns to the ip of Synology? Any config I can do to the Piehole? Then where?  Not clear to me.
-I also have a Synology Router mc2200 ac, can/should I combine it's security features?

Thanks for your input!
Starting with Angular 5
LVL 13
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Hello, I keep getting hit by DDoS attacks and I'm looking for guidance... I have a Cisco Meraki MX64 Firewall in place which has the intrusion detection turned on. I'm wondering if there is ports I can block on the FW to stop the DoS attacks from happening or reduce them. At the moment, I'm having to change the IP address regularly to stop this from happening, but it is only temporary.
What are the security & compliance requirements we can safely
demand/expect from Oracle ERP (Enterprise Resrc Planng) Cloud.

Likely Finance, HR, Procurement modules will be used in this
cloud ERP.

a) Data sovereignty: DC must be local?

b) BCP/DR drills done yearly with DR centre also hosted locally?

c) this is an SaaS?  So we can apply all  the SaaS compliance
    requirements on them including returning data to us &
    secure erasure of data when exiting?

d) ... any other ... ?
I am using Synology VPN [open vpn] to connect my laptop which uses a cellular connection to my office network, suddenly, it fails to connect with the following errors
 LS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS handshake failed
Still, if I connect my laptop with a wired connection it connects no problem.
Need a secure iPhone/MacBook Password program

I use 1Password, but heard that DropBox files can not be secured. So, even if opening the app on my Mac or my iPhone might feel secure, a hacker could get in.


What is a good alternative?

Security if obviously important.

I guess the only advantage of using 1Password is if I somehow forgot that password, I suppose tech support at 1Password could crack it. But, I assume that means ANYONE at 1Password could crack it.


hi guys

I'm thinking of ways in which we could educate our staff when it comes to the actual threats of security through emails like phishing.

However, if I wanted to send out reminders frequently like every fortnight, then I'm wondering what sort of content could be covered in order to not become monotonous?

Have you seen this done at firms you've worked at? If so, are there any tips?

Thanks for helping
we had recently password spray attack on our COMPANY.

We have on premise ADFS AND AD server. I was researching and found below
2.      In Unified Audit logs, searchable via:
a.      These logs are only maintained for 90 days and would have rolled prior to the escalation below.
b.      The customer can archive these logs via REST to a SIEM or other log storage solution for longer if required.

regarding point no. b is there any method where I can archive logs via REST or SIEM  method

we don't have on premise exchange all mailboxes are in 365.

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.