
Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used for conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.


Hi,

Can anyone please tell me step by step how to stop a Watchguard XTM25 from blocking downloads of EXE files from a server hosted website (so need to add an exception as an IP address).

Many thanks

Adam
0

I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There have been reports that the user was using the application in the office while on the network. I wish to block services to this application while on the internal network. I currently have Palo Alto firewalls on the network. How do I block this service from my internal network?
0
I know very little about Watchguards (or really most complex firewalls). I have 2 Watchguards in location A and location B. Looking at the policies on the main office's Watchguard, I have 16 rules. Wonder which are needed?

This is an XTM21 (old unit, right?)

It takes a few seconds to go from screen to screen / get the list of firewall policies, etc. 'Retrieving data' on screen for 9 seconds... There's 16 policies in the list. Is that a long time for pages to load?

a) do you just replace watchguards after x years because they are old?
b) do you reboot them on a schedule? How often? every week? month? year?

This Watchguard is set up for: Exchange on the SBS server on the LAN, general surfing from inside the office, VPN to the other location and phones being able to connect to the Exchange server from outside.

How many rules should those take?

Looking at the policies, I think this is what is set up. I inherited this network so may be unneeded / defaults that came with the box?
FTP OUTboundSMTP (192.168.2.3 to Any external)
GeneralProxy (From HTTP-proxy to ANY  Trusted)
SMTPtoMailSrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPtoMAILSrv (From ANY to 75.127.x.x->192.168.2.3)
POP3toMailsrv (From ANY to 75.127.x.x->192.168.2.3)
IMAPtoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPStoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
RDPtoMAILsrv (From ANY to 75.127.x.x->192.168.2.3)
Voicecom mail system (From ANY to 75.127.x.x->192.168.2.3)
Watchguard …
0
Hi
I have to enable TLS 1.0, 1.1 and 1.2 in Internet Explorer on my laptop before a VPN can connect. How can I change these settings so I don't have to enable these in IE?

Thanks
0
I need a web service to remain secret and would use Cloudflare or a similar technology to prevent DDoS attacks. Aside from DDoS, what other types of attacks are possible?

I assume my web service domain would be totally hidden, but need to be sure there is no other known threat to it.

Thanks
0
What options are there to protect a web service from a DOS attack?

If the web service were accessed only by my Objective-C iPhone application, and nowhere else, is this web service protected by the "security through obscurity" model? Or, can hackers crack open the source code of the iPhone app, like Apple can?

What about if I put the URL to the web service into the SQLite database and encrypted the Path?

So, when my app needs to request information from the web service, it does a DB lookup in the SQLite database for the path to the web service. When it gets it, it decrypts it. Then, using a variable (in memory) only, it makes the web service call.

Does this protect from a DOS attack to that web service call?

Are there easier ways?

Will this work on Java for the Android?

What about on my website?

Thanks.
0
I am new to PA firewalls and wonder what others' opinions are compared to Cisco's, please.  I heard they are user-friendly but security guys hate them.  They can be very pricey as well.
Thanks in advance!
0
Hi, we are in a workgroup environment, using a Cisco c3925 as the router facing the Internet. How can we know which Internet pages users access? Do you know any free tool or devices? Many thanks.
0
Hate to admit how little I know about UTMs.

Have a Watchguard UTM (X10e), on which I am trying to make changes in a firewall policy for people to access a new camera system that requires different ports than the old camera system.

Figured I'd just edit the existing policy that someone else set up - the new system will get the same IP as the old system.... I just need to change the ports.  The old system used different ports than the new one.

I go into the web UI (192.168.1.1:8080), log in as admin go to firewall / firewall policies.  On that screen, I highlight the camera policy and choose the edit button.

The policy loads but I don't see how I delete existing ports / add ports on the properties page... Is there a Watchguard program I could (need??) to use?  There are no add / remove buttons on the properties page, like on the policy page.

Am I missing something?  

By the way, I keep saying I need to learn UTMs.... any thoughts on Watchguard vs other brands?   Best way to learn about how to use / manage them?
0
I am wondering if anyone has any feeling for the error rate on any of:

- Iris scans
- Face recognition
- Fingerprint

I was just wondering...

Thanks
0

Hi there, I need to create a wifi network with the official LAN.
I need to know how to do it and things to keep in mind.

Also, it would be better if a person has to provide his official credentials to join the wifi group.

Regards
Anil Chauhan
0
I get a security warning from Outlook (desktop app in Windows) about an invalid certificate.

I've had a similar warning on my Android device for weeks, but the warning in Outlook appeared today. On the PC, I can see that autodiscover.msn.com gets a certificate issued to outlook.com.

On the Android device, I just get a suspicious warning about an invalid server certificate.

I don't think there is anything I can do to fix this issue. It's probably a redirect issue on the server? My email account is a very old hotmail account on the msn.com domain, and a few years ago I added an outlook.com alias, and later I set that as the primary address for the account. Maybe that's not a very common thing to do.

Also Outlook 2016 has become extremely slow lately, and it hangs and displays disconnected and warning icons. Maybe this behavior is related to the security issue, but I'm not sure.

I've tried removing the account and adding it back - and not only the msn.com/outlook.com account, but all email accounts in Outlook. Didn't make any difference.
0
Hello,

We are facing some kind of an attack as given below. I have also attached the pcap file.

The important thing is that:
  1. IP addresses spoofed with our country's ISP IP addresses
  2. TTL has been spoofed also and the TTL values are in the range of the ip address owners - you should find and edit the same ddos on github with name VSE
  3. Data is a copy of a real packet used on this protocol for Counter-Strike
  4. Destination port is also Counter-Strike's port
  5. checksums are correctly generated

How should I block this kind of attack without blocking the real users?



Protokol :17  Source IP :85.104.15.177  Source Port :58061  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :9777  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.27.190  Source Port :55271  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :64648  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.238.142.125  Source Port :55150  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :37970  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.103.139.224  Source Port :52054  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :49529  Data 


0
I need to draft a sort of guideline to govern Remote Access by external vendors/parties.
Does anyone have any documents or links to share?

Off hand, I can think of:

a) for access to UAT/development servers, remote access with encryption (eg: ssh
    or RDP) needs to be video-recorded / screen logged for long-term vendors who have
    signed a Non-Disclosure Agreement with us.  UAT/Development may contain actual data

b) for access to Production, an authorized staff needs to initiate/trigger the connection
     (eg: WebEx or Remote Assistance) & watch what's being done with screen logging/
     video recording of the session

c) do we need access through a jump host (I've heard of RDP jump host)

d) the external parties'/vendors' PCs need to be updated with latest patches & AV
    signatures

e) every single staff member of the vendor needs to have an individual account (ie no account sharing)

f) under what circumstances do we need 2FA ?
0
What are the ways to get RHEL patches ?

1. Doing 'yum' to pull down directly from RHN support
2. My Unix admin told me he could download via Tcp443 all the rpm packages
    for RHEL 7 patches (to a development server in DMZ) & then do 'yum'
    against these RPMs : is this true?
    Then he can scp/sftp these RPMs internally to other RHEL (or share out via
    NFS) servers to update patches to the other servers.
3. Set up a Satellite server : there's cost to this.  Are Satellite servers hosted in
     the DMZ as a practice?
4. Any other methods?

Which of the above are more secure?  We prefer not to let all servers directly
'yum' to RHN support due to security & bandwidth concerns
0
Our audit requested to do the above but from our mobile applications team's
understanding, we usually scan the mobile applications website, not the device.

Is it essential & what are the ways / tools people use to scan mobile apps running
on mobile phones & iPad (iOS specifically) or usually people just do secure coding
on the apps, do static code analysis (using Fortify etc) on the code only?
0
In our environment, secure zone refers to internal zone which hosts the critical backend systems
while DMZ hosts the more 'exposed' systems.

We got an audit finding that supporting infra systems (like SCCM, WSUS, NTP, our internal Vulnerability
Assessment scanner) should not store authenticators (I assume this refers to credentials) of the
critical systems (critical financial systems that transacts huge amount of $) that are hosted in the
non-DMZ (ie secure) zone.

Q1:
Well, SCCM (which we use to deploy PCs patches & collect info from them & these PCs include PCs
used to make/process large payments) & WSUS (which deploys patches to all servers include the
critical/sensitive servers)  will need to have access to those critical systems to be able to deploy
patches.  Any idea if SCCM/WSUS store authenticators ?    We place these systems in our DMZ;
should we place them in an isolated/more secure zone?

Q2:
I presume when SCCM/WSUS is compromised, hackers could access the critical PCs & servers
via these tools?  If so, what are the mitigations?

Q3:
We also have CyberArk that we lodge admin IDs of critical servers in.  If this CyberArk server
is hosted in DMZ, what's the risk?  What are the mitigations?  The vendor who helped us set it up
suggested to place it in DMZ (so that we could access via Internet to approve access requests):
is this risky & what are the best practices to mitigate?  I'm inclined to think these vendors are
seasoned in selling …
0
Our company is setting up around 100 notebooks to connect to the company WiFi with a WPA2 pre-shared key, as an alternative to connecting to the wired network. The WiFi admin wants to distribute the pre-shared key automatically and transparently instead of informing users to input the key.
I found that Microsoft did not support the key being sent through GPO policy.
Is there any other way of doing that? e.g. running some scripts when users log on to the domain...

Please advise.  Thanks.
0
Hi,

I really need help and guidance on how to go about setting up a wifi hotspot at our Cafe. We have regular customers who come every morning to have a cup of coffee and a little snack. Normally, customers come, have their coffee for about 10 to 20 minutes and then go.

I would like to offer free Wifi to all my customers who come to my cafe for coffee for 10 or 20 minutes.

I should be able to print out a wifi voucher which they can use to access the internet on their mobile phones or laptop. But usually it'll be just a mobile phone. The internet will be restricted ONLY to checking emails online and/or Facebook - nothing else. It should not allow them to download software or torrents, since we don't have unlimited data from our ISP.

Remember that after 20 minutes, the voucher should die out. And it can only work on one mobile phone.

Anyway, that is the plan and I hope I can get answers on how to proceed going forward.

Thank you and I look forward to comments.

Kindest,
Bakaka
0

hi guys

Our consultant teams have run a report for security and a good 10 people's email addresses are available on the dark web. What is the best practice from here for better securing ourselves? Change of password? 2 Factor Authentication for OWA?

Thanks for helping
Yashy
0
Is there a way I can add a linux box to my domain network for monitoring purposes?  I'm a complete novice on this particular topic and don't know if my question even makes sense, but I have lots of spare machines I could use and dozens of Linux software disks that have come with my subscriptions to LinuxUser  and to Admin.

Is there a trade pub that would cover this, or a white paper?
0
I would like to get opinions on the best antivirus for a small (less than 6 Windows devices) LAN. Thanks for your help.
0
Hello there,

I'm reviewing Microsoft's 802.1x implementation to get a handle on it and consider its possible implementation in our environment. At this moment we don't have a domain; as a matter of fact we're mostly Macs with no network OS. I've been reading Microsoft documents and it seems to me 802.1x can be implemented without joining the computers to a domain.  I've found quite a few hurdles as I keep reading and testing this so I figure it'd be a great idea to pick someone else's brain...
First, can I implement NPS in a non-domain Mac environment? Should I consider open source for RADIUS instead?
If any of you have implemented it, are there any lessons you would like to share with me as I keep testing?

thanks for your help..
0
I am trying to open a port on the domain for all computers in the domain via group policy. I did the following:
Computer configurations/Windows settings/Security settings/Windows firewall with advanced security/inbound rules.
New rule
Port
TCP 155
Allow connection if secure
Entered the authorized computer that will be accessing via this port
Domain
Name - finish
Assigned the rule to the domain
Did an update cmd
But the port is not open
Working with Server 2012 and Windows 10
0
Dear Team,

There is a port already open between the source and target servers.
I have tested this using the telnet command.

However, while I am creating a Datasource in the Application server, I am getting the above error message.

Kindly let me know if there is anything required at the OS/App server/network side.

Kindly advise
=== ERR MESSAGE IS =========
>
<Aug 7, 2017 4:52:24 PM AST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating activate task for application 'test'.>
<Aug 7, 2017 4:52:24 PM AST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
java.rmi.RemoteException: [Deployer:149150]An IOException occurred while reading input.; nested exception is:
        java.net.NoRouteToHostException: No route to host
        at weblogic.deploy.service.internal.transport.http.HTTPMessageSender.sendMessageToServerURL(HTTPMessageSender.java:343)
0