Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

A customer called a number claiming to be HP and spoke to someone who ran LogMeIn onto his PC, logged in, and told him that his computer has been the target of hacks and that people "in another state are using his computer to launch attacks."  Anyways, I logged onto his computer, did a full virus scan, reset his Windows Firewall settings, ran SFC, and checked all his startup programs and nothing come up unusual.  Is there anything else I can do to verify that there's no damage or back door left on his PC?
0
Put Machine Learning to Work--Protect Your Clients
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Hi Experts,

I am installing new wireless equipment at a very small motel this week. They have AT&T business internet and just want to provide an SSID and password/key to guests to connect. No splash screen or anything like that. They were originally using Netgear signal boosters that you plug into wall outlets, but customers stole them.

I told them I would only use pro-level equipment, so I have ordered 2 UAP-AC-PROs and the Ubiquiti 8-port 60w PoE Switch for 12 rooms. Eight rooms are in a 2-floor building, four on each floor and the other building is just four rooms on a single floor. I plan to install one AP on the ceiling in room 3 (middle, bottom room) of each building, including the two floor building. The rooms are small so I think this will suffice.

Questions:

Do I need to order a security device or new router? Can I use the AT&T provided router and connect it to the Ubiquiti PoE switch and configure the WAPs using the Ubiquiti controller software installed on the office PC? And will that software without a security device or new router be able to provide two SSIDs?

The owners are trying to save money (of course!) so I wanted to see if any other gear was necessary. It appears that the solution I've provided will do the trick, but it is not ideal security-wise. Any advice is appreciated!

Thanks,

Rich
0
I understand the exposure of having a public facing website with username root.

So, I have created a new username and changed my WordPress site to use that new username.

Shall I delete the "root" username?

Thanks.
1
I have a DVR system for my IP camera systems and I have a sonicwall firewall. I need to access my dvr through my public IP address while out of office. I did the following steps:

Creating the necessary Address Objects

step 1
Then I did

step 2

Creating the appropriate NAT Policies which can include Inbound, Outbound, and Loopback

Then I did

Step 3

Creating the necessary Firewall Access Rules

then Firewall.png

I did these steps and still cant access the DVR system when outside my network.
1
Hello,

we woud llike to configure firepower 2100 in our datacenter,  here  is our plan:

We do the cabling from our Router to  Firepower 2100(IPs)  , and the do cabling from Firepower2100 to our network switch.  We monitor incoming and outgoing traffic on Firepower port.

Is it the proper design?
0
Hello experts, I have a client running Server 2012 with 10 client PCs, the Symantec anti virus flagged up a dodgy file this morning, it blocked it but it prompted me to investigate. I found that one of the client PCs shows logon activity using the computername$ account at about the same time as the file was found, and later on the server computername$ account. The system is using a draytek router, which had Remote desktop enabled previously, this has been turned off since January but when I checked the firewall, port 3389 was still enabled. I have disabled that and rebooted the router. I am currently only using VPN as remote access.
So far, all appears OK on the system. My question is regarding the $ accounts, I was aware of them but never used them, can they be used without a password to gain full access, is there anything that can be done to guard against this?
0
Hello Everyone

I'm an aspiring Cyber Security Analyst and currently I'm studying for my Sec+. I currently have my A+ and want to move away from the Help Desk as I find this not in my passion to do but more so to be hands on and not dealing heavily with end user contact as much as a Help Desk position would. When I try to research entry level positions to become a Security Analyst it seems almost impossible because of the experience that is wanted/needed. I understand that. This is now starting to make me feel as if I chose the wrong path, I also as well have a strong interest in becoming a Sys Admin as well. These two are my primary focus. Any suggestions for someone who only have help desk experience to move into a more hands on role for a Cyber Security Analyst. Or is it best to become a Sys Admin and then transition into the Security field?

Thank you

Also any suggestions on tools or virtual labs that will help me learn cyber security tools and gain my own hands on practice
0
Hi Experts,

I am working and creating a working document for out network  to report any reported network incidents and procedures.

Any suggestions or pointers

Thanks
0
hi experts,

 I've been asked to design it, present it as to why it needs to be done and implemented. Can someone with experience in this subject on how to proceed , what information I need to gather and what steps actions need to be taken to secure and protect uers/network/workstations from ramsomware.
0
Not really a problem but one for the enthusiast maybe? The vlan options appears to have been removed from AMT version 6 to 10, the latest. Is there a way to turn it back on?
0
[eBook] Windows Nano Server
LVL 1
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Hi guys

Could you tell me what is the GPO to enable this  %windir%/perfc and push to all WKS ?

Thanks
0
We have heard that it is possible that TrueCrypt can be accessed when the volume is mounted; it’s keys be retrieved.  

What considerations should one take in account for this possible breach of data?

... and does other OTFE apps suffer same conditions or flaw?

Please advice.
0
Dear zealots, I am configuring Routers and Switch to mitigate DDoS attacks, following this article: http://www.infosecwriters.com/Papers/HChau_Cisco-DoS-DDoS.pdf

However, when I enter "no ip directed-broadcast" into Router and Switch's interface mode, then it cannot be displayed when I hit "show run". Do you know why? My devices' version is 12.2 (Switch 3750/3560) and 15.1 (Router 3925)

And should I apply this command on VLAN interfaces in Switches?
1
I have 300 Ubuntu 14 PC's that I block all internet except a whitelist - I do this by disabling dns, and have the central server do dns lookups for everything on whitelist and put it in a hosts file and have all the hosts use that. Obviously, this is a bit hacky but it worked.

The problem now - I have a need to whitelist *.slack.com. Slack says subdomains change too much, they cant provide a static list, or even a current list and then let me update it.

So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...

If it's not too hard I could set up an ubuntu machine to be a dns server.

Basically what I want is whatever is easiest so that I can just provide a whiltelist, that is allowed to have wild cards like *.slack.com and block everything else. I suppose it doesn't actually have to be a DNS based block if there is some client app.

Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.

I want to be able to update the whitelist easily/quickly.

Any ideas/suggestions?
0
We have blocked yahoo, Hotmail, gmail, dropbox :
our audit says there are some lesser known ones that were
not blocked by our Bluecoat proxy.

Anyone can help list out these browser based emails &
file sharing tools ?  Would like to cover more to be thorough
to prevent data loss/leakage
1
Hello Everyone!

We had some security cameras installed and the installer asked me to open port 8000 for the dvr.  We have a Sonicwall 1260 Pro and I followed the instructions for port forwarding.  I created the service for both TCP/UDP, port 8000 and then created the group.  I used the public server wizard to allow public access to the camera ip.  After everything was complete I used the site, http://www.yougetsignal.com/, to check if port 8000 was open.  Unfortunately, the port is still closed.  I'm stuck figuring what I could be doing wrong.  We do have 2 static ips for the site.  The other ip is used for the fax machine line.  i don't know if this could cause the problem.  Any help is appreciated.

Router: SonicWall 1260 Pro
ISP: Cox
WAN: 72.205.202.66
Camera IP: 192.168.168.62
Port: 8000
img.png
0
We currently have a Dell Sonic Firewall that is our firewall as well as our company router.  This is our main router for all of our sites in the company.  We have 16.  We implemented through our EMR (Electronic Medical Records) software an upload to a billing company.  They in turn configure and print bills and send them out to our customers.  This has worked fine for over two years.  When this was implemented, we were not required to make any firewall changes at all.

A week ago, the user doing this procedure received an error that the file could not be uploaded.  She called the EMR company, who in their effort to troubleshoot the problem, changed the upload method from ftp to sftp.  She then tried to upload and she got an additional error that port 22 was unable to send.  Seeing that error, the EMR said that the problem has to do with our firewall.  I spoke with the billing company who tried to do a trace route to our external IP.  They were unsuccessful, but I was able to do a trace route to them.  The only caveat is that the user can do this procedure from home with no problem.

I am willing to make firewall changes if necessary, I just don't know what they would be or why it is necessary now, if no one has made any changes other than the upload method from ftp to sftp.

Please help.  I am desperate.
0
We recently migrated from SBS 2003 to Server 2012 R2. I have a user who frequently gets locked out of her account. She's the only one having the problem. It happens for reasons we cannot account. This morning she attempted to log in and couldn't. I was able to log into the machine as the domain admin. She logged in on the first attempt (so we know it's not password-related). We disabled the password policy, I unlocked her account on the server, she logged in on the first attempt, had her restart, she got locked out again. (Windows 7 workstation in case that makes any difference.)

I changed the domain security policy to disable lockouts (at least I think I did). I tried doing the same thing locally, but mmc (with the security policy snap in), and gpmc and secpol all had all lockout policy options greyed out.

No other users are having the problem, but I'd like to nip it in the bud just in case someone starts to have it. We never had any similar issue on SBS 2003. (Then again, 2003 probably had very little security.).

I've looked at several Microsoft articles, and most of them tell me to go to settings that are grayed out.

Anyone have any thoughts? Thanks. (If you could detail steps for what to do, please do so. I'm not super-familiar with the security components of WIndows Server.
0
It happens I need to keep my laptop (Windows 10 Home) powered on during night to save time for a lot of opened websites and documents I don't want to open anew each morning. But often when I resume work in the morning, the laptop is very slow when switching between the website tabs in the browser, and probably I get virus or other problems during night.

Is there any way I can protect it during nighttime, for example by turning off all ports? Otherwise, I only put it in sleep mode as it is now, but still it seems to get infected during nighttime.
0
Database Solutions Engineer FAQs
LVL 2
Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

I have 5 IP/s available from my ISP. One IP is for am internal website (registered at godaddy) and we are using 1 for our router IP that I plan to use for port forwarding (VPN, RDP). I am unable to assign the Wan interface to 2 different IP's. Could not find answer in manual.
0
We developed some apps for our customers.  Besides scanning our mobile/IOS
website, auditors have required that we scan the IOS/Android apps that we have
developed for our customers IOS devices.

Q1:
is this a feasible or common practice to scan the apps running on clients IOS?

Q2:
What are some of these scanning tools that anyone can suggest?

Q3:
My view is to scan the mobile portal that we offers, not client's mobiles/iPad
0
Q1:
Does anyone scan Disaster recovery site, UAT, SIT & Development
sites?  

Q2:
For cold DR site that uses the same public & even the same
internal IP (as in ours) & same URL, I presume external it's not
possible as we'll hv duplicate IP.  One PCI-DSS doc suggests to
do VA & PT scans only for warm & hot sites: is this the common
practice?

Q3:
What about internal VA?  Do we do it on UAT, SIT & cold DR?

Q4:
Assuming cold site DR is powered down / isolated (ie not used
by even internal users), still worth doing external pentest &
internal VA?  When we apply fixes/patches/address vulnerabilities,
we propagate to our cold DR

Any best practice papers / authoritative links will be appreciated
1
I am going to setup a new PFSense firewall. There are few pieces of equipment on the network that I don't want to have to pay for public facing static IP's for, but I would like to open ports up so they are publicly available to the maintenance people when they are offsite. How do I go about containing those IP's so they can only see out to the internet and not internal to the network in case those pieces of equipment were to be compromise?
0
I am setting up a linux server on a small network for people to access their files, each windows computer will have local login.
I will create logins on the linux server that will be for each individual on the network.
I will map each computer with the appropriate folders that belong to those users.
How can I handle it if someone else needs to use someone else's computer and would like to access their personal files?
Should I have 2 logins, one belonging to the user of that system and a guest of some sort but how can they get to their files easily without needing me to map the drive for them? I need simple because these are not very technical people.

thanks
0
Any simple and good reference to explain the difference between time-based one time password and traditional OTP?  

Besides,  what are the risks and concerns of using freeware token app, e.g. FreeOTP?
0

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.