Go Premium for a chance to win a PS4. Enter to Win

x

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Share tech news, updates, or what's on your mind.

Sign up to Post

In WatchGuard XTM SMTP Proxy definitions, it implies you can set up a rule for "masquerading".  However, how do you set up the replacement string?   For instance, if I want person@contoso.com to be redirected to person@contoso.org, it is easy enough to match the string and replace it.  But, if I want everyone @contoso.com to be redirected to their same name @contoso.org, how do you set up the replacement string?  You can use a wildcard on the string match but what syntax do they use for the replacement string to attach the portion before @contoso.com.   Seems that this should be a simple process for creating masquerading.
0
Veeam Disaster Recovery in Microsoft Azure
LVL 1
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

For some tools, they require to have ssh password in them to be able to login
to the endpoints to extract configuration of the device that it's managing?

Does NB media & master servers require to contain the endpoints credentials for it
to perform backups?

We deem it a risk if media/master servers contain the credentials (domain AD credentials
 or even the local credentials) of the  Win & Unix servers that it's backing up
0
Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's cloud based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!

Mark
0
hi, I need to find when user loging to our web site, which address or which zip/postcode, is there is a way to do that?
Other than find broadband service provider location.
Any tools may be i can buy more help full.Thanks
0
Hi expert  

how to open , 443/UDP, TCP and DNS from socket to internet in the management switch.

should it do it in switch or firewall?

kind regards
0
The scenario:

1.      We have a Windows XP computer which runs an offline PDF to Print comparison.  
2.      As it is XP we have taken it off our network for security reasons
3.      The XP computer is attached to an A1 scanner which scans a printed leaflet
4.      The software then compares the printed scan against the original PDF used to generate the print plates
5.      For reprints this is OK as a copy of the original PDF already exists on the XP computer
6.      For new prints the user needs to go to another computer which is on WorkGroup, browse for the file, copy the original PDF to a USB, copy from the USB to the Windows XP computer, then run comparison

It is step 6 which I am trying to improve.  Can I directly connect the XP computer to the networked computer using some sort of software that isolates but still allows a folder to be browsed and a file copied.  I hope I have made this clear
0
Dear All

I installed Fortigate 60 E and its blocking all the videos and Audios. Also its blocking all the social media sites.
0
Suddenly teamviewer could not connect to internet (at my client computers) so I could not establish a connection to my client after hours of investigating I figured out the its OpenDNS that blocks it.
(what leaded me to that direction I had send a link to teamviewer in a email to the client and it was blocked by openDNS

Any idea what I can do to solve this issue. I want to keep the computers filtered.
0
Hi Guys,

I had to switch our two WAN Interfaces on SonicWALL, (Thus X1 & X2)

1.  I switched the public IP configuration under Interface Settings
2.  and changed all the NAT policies, switching X1 & X2 for all rules


My questions,

a.  Is there any other rule(s) that need to be changed to switch primary internet access for LAN users between X1 & X2?

b.  I've noticed that some NAT rules refer to an "address object" rather than the interface (X1/X2) directly.  
These I did not change as the object's public address was still correct.  Is there a difference in referring to the interface (X1/X2) directly, or using an object instead?  
In my case, where I had to switch X1 & X2 ... the rules with objects made things a bit easier as it stayed the same.  Is this the only difference using an object or referencing to the interface directly?
0
Working on a project, need to restricted access to a network. end users that our domain joined, as well as mobile users, can access the network.  i.e "users that have the Cisco any connect app" using AD credentials.

What would be best practice for restricting access for the mobile users?

These are some methods I have come across.

MDM Server - This would not work in this case, due to the fact that most of the devices are not owned by the company.
CA Certs
GPO
Profiling in ISE - Not sure if this works how I am thinking it would.

Any input in the would be greatly appreciated.
0
The Evil-ution of Network Security Threats
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

hi all,

Can DB2 has built in Brute-force protection ? what tools /configuration needs for this.
0
Dear Experts, we have 1000 users located at multiple sites.
- The Headquarter office includes 400 users, has Cisco Router 3925, not yet Firewall.
- Site A includes 200 users, has Sophos Firewall.
- Each of Site B, C, D, E has 100 users, only has Modem Internet, not yet Firewall

In Headquarter, the AD server (Win Server 2012R2) is ready but we are not sure about the method to join domain for ALL users. We have several questions as below:

1. MPLS-VPN leasdline and VPN connection, which one is better in terms of performance and cost?

2. In case we choose VPN connection, should we choose Site-to-Site VPN or Remote-Access VPN, and why? Which devices should we buy?

3. As my understanding, in VPN connection, the users who connected will use the Internet connection from VPN server, is it right? If so, will the VPN connection is suitable for 1000 users?

4. For the Domain diagram, which model should we use for high performance and availability? We intend to install Addition DC in Headquarter and RODC in each site? Is it okay?

5. In Headquarter, all servers are VM and we have Veeam 9.5 to backup, but in sites servers are physical. Which backup software is the best for physical AD machines?  
0
Hi Experts,
In the intranet environment I am working with, when I open an HTTP website with a catalog of rest services, my AD group memberships are always applied such that I can see the services inside. Today I changed the web site to HTTPS by self-signed certificate, then I can still open the site (after trusting it in browser), but cannot see the AD group protected services inside. I can see these services in HTTPS only if I remove their AD group protections.
Why does this happen? How can I apply AD group membership when opening HTTPS site in intranet?
Thank you!
0
I have this config on cisco 3650 switch:
enable secret 5 $1$CjMf$vnUDcs1IGZSNACW
enable password 7 03124C0F0F5E79
!
username admin privilege 15 secret 5 $1$8zl1$kGUgJ5pHTOyz2
username tech privilege 15 secret 5 $1$QsH.$G.R4BJBhZh6K6jA

when I telnet it asks for username and password. When I enter username and password  it goes directly to: #_

How to go to: >_ and then to ask for another password?
1
What are the risks if MS NAC is installed in the AD/DC server (to save the cost of setting another
dedicated NAC server) & how can we mitigate this?

Was told NAC works by per L2 switch and not by per port?  Care to elaborate what my Network colleague said?
0
What specific ‘maintenance’ tasks in terms of IT are typically required once an employee has left an organisation? I wanted to do some spot checks to ensure they were being followed within our company, and 2 areas aside from the obvious ‘delete their AD account after a pre-defined amount of time disabled, was to also probably delete their mailbox and their home drives, but wanted to see if anyone else could share any other common ‘maintenance tasks’ if it’s in a checklist form so I can do some checks in our company to ensure they are being adhered to.
0
We already have SonicWall CGSS but that doesn't allow us to audit what websites a person or group of people are visiting. Any services / programs out there that will do that without going to Untangle or something cost prohibitive like that?
0
I have an internal CA. It's got a Root CA (offline) and a Subordinate CA (Enterprise). I am looking to enable code signing. I was successfully able to publish the template and get the cert for the administrators. What I can seem to figure out is how to get the PC to fully trust any certificate from the CA for code signing. I have the Root CA cert in the Trusted Root Cert Authorities and The subordinate in the Intermediaries Authorities. I know that code signing looks at the "trusted publisher" store. What I don't understand is why it's not trusting the certificate since it's issued by a CA that is in the trusted Cert Authorities. Anyways, I tried adding the Root and sub CA certs into the Trusted Publisher store and that also didn't work. The only way I could get full trust was to put the public cert into the Trusted Publishers store. I would like to just make it so that any code signing cert we ever issue, is trusted by my clients. what are requirements to make this happen? I don't want to update GPOs for evreyone's individual code signing certificates. Thank you.
0
Our HQ  (domain is  orgname.com) often have staff travelling to our country (different domain,
say org2name.com.au) as well as staff from our country often go there & we have separate AD,
DNS & MS Exchange servers.  In fact we are neighbouring countries.

We have a dedicated leased line between the HQ & us but with firewalls doing NAT in between.

Q1:
Will need to grant staff access to their mailboxes seamlessly without compromising
security.  What are the trusts to permit between our HQ & us?   We are regulated differently
by different financial regulators so credit card & our customers information can't be shared.

Q2:
We will maintain email Exchange servers and email filtering security tool (Proofpoint) separately.
Thing is staff who are seconded to be based here from HQ may go back once every 6-monthly
(for say a period of 3 weeks before returning): likely the staff seconded here will continue to
use HQ's mailbox but their laptops will login to our local country's AD/domain: any trust to
be permitted here & what are the best practices?  Usually staff seconded here (or vice-versa)
 for 1-3 years will go back to HQ once their term here expires

Q3:
We are also implementing email encryption (Voltage) & our HQ will implement it later (maybe
6-10 months later) : so need to consider this aspect as well.  Staff based here will use email
encryption of HQ & likewise staff from our country going there will use email encryption here.


Q4:
The staff that …
0
Automating Your MSP Business
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Looking for recommendations for a product that will allow tracking of files that are opened/moved/copied on a Windows Network.  I know there are many full blown enterprise level products that handle this, but I'm looking for a simpler, more localized equivalent.

I'm not aware of anything in native Windows Server that will allow this level of tracking.  Could be wrong about that.

Any recommendations appreciated.
0
Hello,

If you connect to a secure bank site, or even Facebook using HTTPS, on an open non secure WiFi, is the data between your computer and the site secure?
1
When I browse a http site I got the following screen.Verizon.JPG
same is if I browse a https site but using the ad link in the browser instead of the direct link http.jpg
I did a trace from the router (not from the computer) I got the following results see attached

On another computer on the network I do not have the issue, but have a wireless access point that does have the issue

I already did a ipconfig /flushdns

Please help
Trace.txt
0
Sometimes legitimate websites such as for hotels or companies get flagged by my Malwarebytes Pro as scam websites (the websites get blocked):

"Malwarebytes blocked a suspected bad URL or an unwanted program."

In these cases, as I need to visit for example a hotel's website to make a booking, would it be safe to use a Chromebook instead? Or use another solution to visit this website?
0
Hi

I encrypted a USB drive using BitLocker To Go in Windows 10 Pro and when I inserted it into a new machine it prompted for the password. Once I entered it in I noticed a More Options section which allowed me to check Automatically unlock on this PC. I have since realized I don't want this to occur but I don't know how to make it go back to the way it was. I looked in Credential Manager with no luck. Sorry I'm new to BitLocker.
0
I was recently tasked with setting up a VPN for a client of ours for accessing files from home. We are able to successfully login however when we try to map drives or access resources we are unable to. Mapping drives errors as is we are not in that domain. Trying to access the drives through Explorer returns the same. Can anyone assist with this please?
0

Network Security

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.