Network Security

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks, public and private, that are used to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.

I am not sure if I interpret this correctly, but this security report seems to show a few workstations have some suspicious DNS activity and are trying to resolve some DGA domains - please see the attached.

I am not in the security area. Could someone who knows how to handle this please advise.

Many thanks.
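The attached report is not reproduced on the page, so the following is an added example (not part of the post) of how a defender would triage the symptom described above: score each queried name for DGA-like randomness and count NXDOMAIN hits per workstation. The log lines and the four-field format are constructed for the example; the thresholds (entropy 3.5, vowel ratio 0.25, three hits per client) are assumptions to tune against your own resolver logs.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (not the report attached to the post).
# Assumed line format: "<time> <client-ip> <query-name> <rcode>"
SAMPLE_DNS_LOG = """\
10:01:02 10.0.5.21 www.example.com NOERROR
10:01:03 10.0.5.21 mail.example.com NOERROR
10:01:05 10.0.5.44 xk3j9qz1vb7wpm2r.com NXDOMAIN
10:01:05 10.0.5.44 q8w2n5zpl0kd4c.net NXDOMAIN
10:01:06 10.0.5.44 hz7t1bq9vmw3ekpx.org NXDOMAIN
10:01:06 10.0.5.44 microsoft.com NOERROR
10:01:07 10.0.5.77 cdn.jsdelivr.net NOERROR
10:01:08 10.0.5.77 a-very-long-but-real-hostname.org NOERROR
10:01:09 10.0.5.44 p2m7rxk0ldqz5vn.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score close to log2(len(s))."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label immediately left of the TLD. Naive (no public-suffix list), fine for .com/.net/.org."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_dga(label):
    """Return (is_suspicious, score). Three cheap features DGA families tend to trip:
    high entropy, almost no vowels, digits mixed in. Two of three flags the label."""
    if len(label) < 10:          # short labels are too ambiguous to score
        return False, 0.0
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = 0.0
    if entropy >= 3.5:
        score += 1
    if vowel_ratio < 0.25:
        score += 1
    if digit_ratio > 0.1:
        score += 1
    return score >= 2, score


def analyze(log_text, min_hits=3):
    """Count DGA-looking NXDOMAIN lookups per client; clients at or above min_hits are suspects.
    Requiring NXDOMAIN cuts the false positives: an infected host burns through many
    unregistered candidates before it finds the one the operator actually registered."""
    hits = Counter()
    details = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _time, client, qname, rcode = m.groups()
        suspicious, score = looks_dga(registrable_label(qname))
        if suspicious and rcode == "NXDOMAIN":
            hits[client] += 1
            details.append((client, qname, score))
    suspects = {client: n for client, n in hits.items() if n >= min_hits}
    return suspects, details


if __name__ == "__main__":
    suspects, details = analyze(SAMPLE_DNS_LOG)
    for client, n in suspects.items():
        print(f"{client}: {n} DGA-like NXDOMAIN queries")
    for client, qname, score in details:
        print(f"  {client} -> {qname} (score {score})")
```

Entropy heuristics alone will flag CDN and cloud hostnames, which is why the count is restricted to NXDOMAIN answers: a burst of failed lookups for random-looking names from one workstation is the pattern worth pulling the machine for, and the names that did resolve (NOERROR) are the ones to check against threat intelligence and block at the resolver.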

Recently we bought a new Fortinet 100D firewall to secure our company network. Our network is currently a flat network, and we would like to implement VLANs as well.

We have one Cisco 3750 switch, which is already configured. The firewall LAN port is connected directly to a switch port and is working without any issue.

1. If we create the subinterfaces 10 (Management), 20 (Server), 30 (Users), 40 (Wifi) and 200 (Voice), what do I need to configure on the switch port connected to the firewall?
*All the traffic must be visible in our firewall.

2. Our DHCP server is running inside Hyper-V, and the switch port is currently configured with LACP in switchport mode access, allowing VLAN 1 only. Do I need to configure it as a trunk with a native VLAN? If a native VLAN is required, which VLAN should I configure?

3. How do I migrate all my servers to VLAN 10 without downtime?

4. What is the purpose of a management VLAN? I put it there because, from researching online, many people design it this way.

5. How do I configure the switch ports that users connect to? Currently all users connect their PCs via a Cisco IP Phone.
In Windows 2012 R2 we have set up and assigned an IPsec policy. In the policy we did not specify an endpoint on the initial screen, since the IPsec tunnel is between two internal servers. My question is: is it required to have the firewall enabled and a rule set up to force all inbound or outbound connections through IPsec? I guess what I am asking is, will IPsec work if the Windows firewall is disabled? Right now we are trying to test the IPsec tunnel between the two servers and only see Key Deletions listed under the IPsec stats; everything else is zero and nothing is listed under associations.
Hi guys

We have a virtual file server (2012 R2) on VMware. If I were to enable BitLocker on there, would it affect anything in terms of people's access to shared files etc.?

Also, would there be a benefit to enabling something like that? I would assume that the whole point of it is that if someone stole the systems and tried to access our information, they would have to enter a password to access the information on the disk? So my assumption is that BitLocker on an external disk or laptop, yes, but on a virtual machine sitting on premises there's no need?

Thanks for helping
Our Internal Audit is setting up a Teammate server (data & reports) plus a separate license
server (this license server needs to be authenticated by Teammate/ACL periodically).

Teammate will host financial data for auditors to analyse/review (using ACL, CAATs)
for fraud, so it's considered sensitive data.

Is it appropriate for both the license server and the Teammate server to be SaaS
(like O365), or just the license server, or is it best that they not be SaaS? For sure,
if they're in the cloud, the VM must be located in our country due to cross-border restrictions.

Do we place the license server in the DMZ & Teammate in the internal secure backend zone?

What other security design considerations should we take into account?
Restrict the license server to the Teammate/ACL/CAATs sites only & the Teammate server
to be accessible from the Internal Auditors' subnet only?
We use Cisco Stealthwatch and are disturbed by some of the activity we're seeing.

What's the best technique to research large downloads/uploads from a particular IP address, such as a transfer of 3 GB?

Per , I see this is registered to Microsoft so I don't think it's malicious.

The only IPs I've been able to figure out so far are:
Windows Update:

Is there a good site that lists what IPs Microsoft uses and for what purpose?
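As an added example (not from the poster's Stealthwatch data), this is the triage step a practitioner would run over a flow export before chasing individual hosts: aggregate bytes per conversation, flag anything over a volume threshold, and separate downloads from known publisher ranges (low priority) from large uploads to unattributed destinations (high priority). The CSV layout, the flow records and the prefix-to-owner table are all constructed; the table uses RFC 5737 documentation ranges and is not Microsoft's address space.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow export, loosely shaped like a flow-collector CSV.
# Not real data from the poster's environment.
SAMPLE_FLOWS = """\
start,src_ip,dst_ip,dst_port,proto,bytes_out,bytes_in
2018-11-02T09:00:00,10.1.2.15,203.0.113.10,443,tcp,1200,3221225472
2018-11-02T09:05:00,10.1.2.15,203.0.113.10,443,tcp,800,52428800
2018-11-02T09:10:00,10.1.2.88,198.51.100.7,443,tcp,3435973836,51200
2018-11-02T09:12:00,10.1.2.88,198.51.100.7,443,tcp,104857600,4096
2018-11-02T09:20:00,10.1.2.40,192.0.2.5,80,tcp,15000,2000000
"""

# Constructed, illustrative prefix -> owner map using documentation ranges (RFC 5737).
# These are NOT Microsoft's real ranges; load the vendor's published list in practice.
KNOWN_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "Example vendor (update CDN)",
}

GIB = 1024 ** 3


def owner_of(ip):
    """Attribute a destination to a known publisher, or None if unattributed."""
    addr = ipaddress.ip_address(ip)
    for net, owner in KNOWN_PREFIXES.items():
        if addr in net:
            return owner
    return None


def aggregate(csv_text):
    """Sum bytes per (src, dst, dst_port) conversation across the whole export window,
    so a transfer split over many flow records is still seen as one transfer."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "flows": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["src_ip"], row["dst_ip"], int(row["dst_port"]))
        t = totals[key]
        t["out"] += int(row["bytes_out"])
        t["in"] += int(row["bytes_in"])
        t["flows"] += 1
    return dict(totals)


def triage(csv_text, threshold_bytes=1 * GIB):
    """Flag conversations above the threshold; a large upload to an unattributed
    destination is the exfiltration pattern and is ranked first."""
    findings = []
    for (src, dst, port), t in aggregate(csv_text).items():
        if t["out"] >= threshold_bytes:
            direction, volume = "upload", t["out"]
        elif t["in"] >= threshold_bytes:
            direction, volume = "download", t["in"]
        else:
            continue
        owner = owner_of(dst)
        findings.append({
            "src": src, "dst": dst, "port": port,
            "direction": direction, "bytes": volume, "owner": owner,
            "priority": "low" if (owner and direction == "download") else "high",
        })
    return sorted(findings, key=lambda f: (f["priority"], -f["bytes"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_FLOWS):
        print(f"[{f['priority']}] {f['src']} -> {f['dst']}:{f['port']} "
              f"{f['direction']} {f['bytes'] / GIB:.2f} GiB owner={f['owner']}")
```

Direction matters more than size: a 3 GB download from a Microsoft range is usually an update or an ISO, while 3 GB leaving towards an address nobody can attribute is what the upload branch is for. For populating the prefix table, Microsoft publishes its Office 365 endpoint addresses through a web service and its Azure IP ranges and service tags as a downloadable JSON file, both of which change regularly, so refresh them rather than hard-coding.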

I have an internet connection from my ISP; all my phones, computers etc. get internet access from the wireless router provided by the ISP. However, I am thinking about building a standalone, segregated wireless network for my security camera system by adding another wireless router for this job. Under this setup, a PoE switch will be plugged into this wireless router, and all the cameras will be connected to this switch. After having tried an old Apple AirPort Extreme wireless router without the internet, it does not function at all without the internet connection: one of the LEDs keeps flashing orange instead of green. My question is: do routers like this have to work with an internet connection? If not, is there any router model you'd recommend for my purpose (working without an internet connection)?
Are there instructions somewhere for setting up VPN on Ubuntu via command line?

Can anyone provide a reference please? Thank you!
There are numerous WordPress & PHP vulnerabilities:
Besides patching, which is more appropriate to provide mitigation
(looking at virtual patching): an IPS or a WAF?

I tend to think a WAF is more for XSS, injection, brute force, file inclusion, CSRF
kinds of vulnerabilities (that are related to secure coding), while an IPS in general
will match the vulnerability patches from product principals.

Correct me if I'm mistaken, or is there a WAF (looking at Barracuda) that could
perform both WAF and IPS functions?

Referring to the above link: it refers to another link below:

I would like to assess how accurate the comparison is, especially between Quad9 (which takes its threat intel
from APWG, Bambenek Consulting, Cisco, F-Secure, Mnemonic, Netlab 360, Payload Security,
Proofpoint, RiskIQ & ThreatSTOP ... 18+ of them) and CleanBrowsing.

The 2nd link gave CleanBrowsing top ratings in various security aspects, though various links have
rated Cloudflare & Quad9 as giving higher speeds; so far I have not found any links that say Quad9
/Cloudflare are better at blocking malicious or bad IPs/domains.

I can't find any links that mention which threat intel sources CleanBrowsing uses.
Does anyone know?

Is there another way to verify the accuracy (just like verifying 'fake news') of the comparisons
in case they're marketing-driven?

I saw that Quad9 is free (but one site indicates we can buy a support service): does Quad9 send
regular reports to users (e.g. how many bad IPs/domains it has blocked or what protections it
has rendered for the past week/month)?

What's the handiest way to leave a Windows 10 PC connected to my Ethernet network (DHCP),
but totally disconnected from the internet?
I need to compare/evaluate various DNS security products meant to prevent
users from accessing malicious sites; not sure if it'll help with spam (say a user registers
their email on unsolicited sites & gets spammed from then on).

A few products below come to mind, but I don't know how to go about it:
Cisco Umbrella
Greenteam Internet
OpenDNS (now under Cisco)

Some guidelines & inputs would be much appreciated.
Hi guys

If someone asks how you encrypt data in transit, then how would one answer that? That question is quite vague, no? I mean, we have VPN connections from site to site. We also have an MPLS network. Along with that, we have an email system with SSL certificates installed for OWA, but then I wonder whether that means Outlook data is not encrypted but only encrypted when using OWA?

Any help is appreciated
hi guys,

If someone asks 'do you encrypt your data at rest?' on a Windows 2012 file server, then how would you implement that? We also have Sophos AV on all machines, in case that helps.

Thanks for helping
hi guys

We have a load of WatchGuard access points and they are connected to a DrayTek 1100 PoE switch. This switch is then connected to our backbone switch, which is a Cisco 3750.

We have set DHCP on the WiFi network that the access points are on to be from onwards, with the management IP of this DrayTek PoE switch being . Every single day, people complain about not being able to access the internet properly, and then it fixes itself again. Then it happens again.

When they do complain, I end up not being able to access the management IP page of the DrayTek on . This makes me believe that it is in fact this particular PoE switch causing the issues we are having.

Could that be the underlying problem?

Thanks for helping
I want to change an IP range's dns-service from default to a policy I created.

current CLI:

set dns-service default

what would the commands be to change?
How is an Arbor Peakflow DDoS report useful for IT security
metrics reporting? See the attached sample.

This question was raised in the monthly meeting.
For popular devices like Cisco switches, there are centralized tools
like TACACS & RADIUS that can be used for password policy (e.g.
complex passwords, password expiry every 60 days, which CatOS
/IOS can't enforce) and patch management.

However, for IoT devices like SCADA PCs, Moxa switches, security CCTVs
& Mitsubishi PLCs, is there any central management tool that could
do password policy management and centrally deploy patches?

In particular, there's a strong user requirement to connect these
IoT devices to the enterprise network, & the enterprise network is connected
to the Internet.
We have set up an internal VLAN on our WatchGuard for guest WiFi access. The VLAN works as expected, and anyone who joins gets the expected IP address and can browse the internet with no problems. What we can't get it to do is work correctly with Outlook Web Access. For some reason, whenever I try the OWA address I get redirected to the WatchGuard SSL login page. If I try from any other external connection it works fine. I have tried an nslookup on the new guest WiFi and on our other external connections, and they all point to the correct external address. I.e. if I am connected to one external WiFi and try to access the URL xxxxxx/exchange it works fine, and an nslookup points to the correct external address. If I try to access xxxx I get presented with the IIS page. If I try the same when connecting via the guest WiFi, the nslookup shows the same external IP address; however, if I try to go to xxxx/exchange I get a 404 page not found error, and if I browse to xxxx I get the WatchGuard SSL login page.

What am I missing?


I'm looking at Votiro, Proofpoint & Israeli email security products
to reduce spam, emails from bad-reputation IPs, and emails with
malicious attachments & URLs.

What are the features/criteria to assess or look out for?

Especially if I'm on O365.

a) can it link to Spamhaus, RBLs etc. to get bad-reputation IPs?
b) does it offer CDR, sandboxing?
c) can it claw back malicious emails from users' mailboxes once
    sandboxing has completed its analysis that an email or attachment
    is malicious (Proofpoint has one such product)?
d) can it withstand email blasting (e.g. 80,000/minute)?
e) in the event the device has an issue, the ease / turnaround
    time to disable it (without changing the MX record)
f) does it allow us to specify IOCs (bad-reputation IPs obtained from
    threat intelligence or a specific payload's hash)?
g) the ability to integrate with DLP products: is this supposed
    to be a function of O365 Exchange Online or of the filter
    device (as usually such a device will be registered in MX)?
    I recall Proofpoint used to be able to integrate with a
    network DLP, Codegreen, or am I mistaken?
h) ... help add on ...
I was told Exabeam UEBA charges based on the number of staff, & that no agent needs
to be installed on endpoints as it correlates/uses Splunk's data.

Since this is "user behavior", should we pipe users' PC/laptop events
to the SIEM (have Splunk in mind), or in general do people only pipe server
& network device events to Splunk (i.e. PC events are not piped)?

Splunk gave me a spreadsheet for sizing which did not have a column
to input the number of PCs/laptops, while in the bank I worked for previously,
PC/laptop events were not piped to the SIEM. As Exabeam correlates/
analyses users' activities, shouldn't the PC events get piped as well?
Please help identify any valuable conferences in the US that an IT Supervisor like myself should consider attending.
Topics could be general in nature on security or cloud systems and even as detailed as VMWare tech training or other useful courses/ trainings.

My employer is willing to allocate some funds but wants to know which conferences, summits, events etc. should be considered, and I'm not familiar with them. Microsoft Ignite is one example I am aware of. A topic choice for my question did not exist, so I chose what most closely matches, but that is not what I am limiting the question to.
Hi guys

We have an application on our work premises that people externally use a VPN to access. The port has been set to 'ANY'. However, if I wanted to lock this port down, I have some issues as there is no documentation on what the ports are. When I look at the firewall logs, I can see that the source port always changes but the destination port stays the same. What does it mean if the source port changes but the destination port is the same? I assume the destination port is the port of the application on our side, and therefore we can lock the VPN ports down to this destination port?

Thanks for helping
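The poster's reading is the right one: the source port is chosen per connection by the client's operating system (an ephemeral port, normally above 1023), while the destination port identifies the service, so the allow rule matches on destination port only and leaves source port as any. As an added example (not the poster's logs or firewall), the script below profiles a constructed, vendor-neutral log excerpt per destination port and emits the minimal rule set that the traffic actually needs; the log format, the 10.200.0.0/24 VPN pool and the 10.10.1.20 application host are assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log excerpt (syslog-style, vendor-neutral); not the poster's logs.
SAMPLE_FW_LOG = """\
Nov 12 09:14:01 fw1 allow tcp 10.200.0.15:51324 -> 10.10.1.20:8443
Nov 12 09:14:03 fw1 allow tcp 10.200.0.15:51325 -> 10.10.1.20:8443
Nov 12 09:15:10 fw1 allow tcp 10.200.0.33:60102 -> 10.10.1.20:8443
Nov 12 09:16:44 fw1 allow tcp 10.200.0.33:60103 -> 10.10.1.20:8443
Nov 12 09:17:02 fw1 allow udp 10.200.0.15:49201 -> 10.10.1.20:53
Nov 12 09:18:30 fw1 allow tcp 10.200.0.51:43310 -> 10.10.1.20:8443
Nov 12 09:19:12 fw1 deny tcp 10.200.0.51:43311 -> 10.10.1.20:3389
"""

LOG_RE = re.compile(
    r"(?P<action>allow|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse(log_text):
    """Yield one dict per parseable line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            yield rec


def profile(log_text):
    """Per (dst, proto, dport) service: distinct clients, distinct source ports, hit count.
    Only allowed traffic is profiled; denied hits are noise we must not turn into rules."""
    prof = defaultdict(lambda: {"clients": set(), "sports": set(), "count": 0})
    for rec in parse(log_text):
        if rec["action"] != "allow":
            continue
        p = prof[(rec["dst"], rec["proto"], rec["dport"])]
        p["clients"].add(rec["src"])
        p["sports"].add(rec["sport"])
        p["count"] += 1
    return prof


def proposed_rules(log_text, vpn_pool="10.200.0.0/24"):
    """Turn the profile into a minimal allow-list: one rule per service port actually used.
    Source port stays 'any' because clients pick it per connection; the evidence block
    records why (every hit used a fresh high-numbered source port)."""
    rules = []
    for (dst, proto, dport), p in sorted(profile(log_text).items()):
        ephemeral = all(sp >= 1024 for sp in p["sports"]) and len(p["sports"]) == p["count"]
        rules.append({
            "src": vpn_pool, "sport": "any", "dst": dst, "proto": proto, "dport": dport,
            "evidence": {
                "connections": p["count"],
                "clients": len(p["clients"]),
                "ephemeral_src_ports": ephemeral,
            },
        })
    return rules


if __name__ == "__main__":
    for r in proposed_rules(SAMPLE_FW_LOG):
        print(f"allow {r['proto']} from {r['src']} sport {r['sport']} "
              f"to {r['dst']} dport {r['dport']}  # {r['evidence']}")
```

Run it over a log window long enough to cover every client workflow (month-end jobs, printing, secondary services such as DNS or license checks), otherwise the tightened rule breaks the one thing nobody used during the sample. The denied RDP attempt in the sample is deliberately excluded: a lock-down derived from logs must be built from what was allowed and needed, with the default deny left in place underneath it.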
We are moving some of our apps/systems to the cloud.
However, some vendors for the cloud projects came back to
say that the OS is a stripped-down Linux which is hardened
& that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I
am loath to raise an exemption/deviation even if the cloud VM
is not accessible to the public (i.e. firewalled to our corporate
network only). I noticed that AWS & another vendor that uses VMs
on Windows guests offer AV.

Is there a quick/easy way for me to verify that the 'stripped-
down Linux OS' the vendor uses in the cloud truly could
not support AV? I guess running 'uname -a' is not
enough. Or is there a script for me to verify?
Or can I verify by checking what patches
they have been applying in the past? If it's all RedHat/RHEL patches
then it's simply a hardened RHEL, which should
support many AVs.

What are the usual audit requirements for AV for a custom
Linux VM in the cloud? Don't really need an AV under what

If it's truly a stripped-down Linux, say based on CentOS or
FreeBSD, can I assess the patch requirements based on
CentOS & FreeBSD? I recall when running a VA scan
against a PABX that's based on RHEL, all vulnerabilities
for RHEL were applicable & the PABX vendor produced
the patches, though they were behind RedHat by a few
months in coming out with the patches.

This reminds me of IoT, many of which are appliances
that customize their OS from …
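As an added example (not the poster's vendor's image or script), this is the kind of check a reviewer would ask the vendor to run, or run themselves given a shell on the VM: read /etc/os-release to find which upstream distribution the "stripped-down" build derives from (that is the advisory feed to track, exactly as the RHEL-based PABX case shows), then record the few properties that actually decide whether an AV agent can be installed. The os-release content is constructed, the family-to-feed table is an assumed mapping, and the probe values are passed in by the caller rather than read live so the example runs offline.

```python
# Constructed /etc/os-release as a vendor's hardened appliance might ship it;
# not taken from the poster's vendor.
SAMPLE_OS_RELEASE = """\
NAME="ApplianceOS"
VERSION="3.2"
ID=applianceos
ID_LIKE="centos rhel fedora"
VERSION_ID="3.2"
PRETTY_NAME="ApplianceOS 3.2 (hardened)"
"""

# Assumed mapping from upstream family to the advisory feed that covers its packages.
FAMILIES = {
    "rhel": "RHEL/CentOS errata",
    "centos": "RHEL/CentOS errata",
    "fedora": "RHEL/CentOS errata",
    "debian": "Debian security advisories",
    "ubuntu": "Ubuntu security notices",
    "alpine": "Alpine secdb",
    "freebsd": "FreeBSD security advisories",
}


def parse_os_release(text):
    """Parse the KEY=value lines of /etc/os-release (quotes stripped, comments ignored)."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key] = value.strip().strip('"').strip("'")
    return fields


def upstream_family(fields):
    """First known family in ID, then ID_LIKE (left to right); None means a truly custom base
    with no upstream feed to lean on, which is the case that needs the vendor's own advisories."""
    candidates = [fields.get("ID", "")] + fields.get("ID_LIKE", "").split()
    for cand in candidates:
        if cand.lower() in FAMILIES:
            return cand.lower()
    return None


def assess(os_release_text, modules_disabled="0", package_manager_present=True,
           root_read_only=False):
    """Combine the fingerprint with three host probes supplied by the caller. On a live host:
    modules_disabled is the content of /proc/sys/kernel/modules_disabled, package_manager_present
    is whether rpm/dpkg/apk exists, root_read_only is whether / is mounted ro.
    Kernel-hooking AV needs module loading; a userspace on-access/on-demand scanner does not."""
    fields = parse_os_release(os_release_text)
    family = upstream_family(fields)
    blockers = []
    if modules_disabled.strip() == "1":
        blockers.append("kernel module loading disabled (kernel-hook AV cannot be installed)")
    if not package_manager_present:
        blockers.append("no package manager (AV must be shipped inside the vendor image)")
    if root_read_only:
        blockers.append("read-only root filesystem (agent needs a writable volume)")
    return {
        "pretty_name": fields.get("PRETTY_NAME"),
        "upstream_family": family,
        "patch_tracking": FAMILIES.get(family, "vendor-only; require their advisory feed"),
        "av_blockers": blockers,
        "av_feasible_userspace": package_manager_present and not root_read_only,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_OS_RELEASE, modules_disabled="1").items():
        print(f"{key}: {value}")
```

The point of the output is to replace "not applicable" with a checkable claim: if the family resolves to an upstream distribution, the VA scanner's findings for that distribution apply and the vendor's patch lag against it is measurable; if the only blocker is disabled module loading, a userspace scanner is still possible and the exemption request should say so explicitly.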

I have a pfSense router at my location and there has been some malicious activity coming from a device on my network. Our ISP has notified us that they think it's a problem with port 23 and that if I block it, that should fix the problem. I've blocked port 23 outbound and inbound on all of the interfaces. The complaint to our ISP gave a reference to BitNinja to check on the malicious requests sent from our network. Here's a copy of the last request:

    "PORT HIT": "98.#.#.#:21349->185.#.#.164:8899",
    "MESSAGES": "Array
                [01:36:54] => REMOTE HI_SRDK_DEV_GetHddInfo MCTP/1.0

I see that on 11/2/18, the malicious activity was on port 23.  Now, today I see that it's going on port 5680.  And the latest request was 8899.  

I don't know what device is doing this.  I've scanned the network and don't see any unknown devices on the network.  Here's something strange that happened.  There was a car in our parking lot with dark tinted windows and ghetto rims.  He was always gone when I came by the office.  I was talking to someone in the office and they said that that strange car was back.  I asked if they saw the driver.  She said that he was sitting in the back seat.  I remoted onto a computer in the office and scanned the network.  An IP address showed up that shouldn't be there.  I pinged it but it didn't respond.  …
