Network Security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks used to conduct transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access.



I'm looking into setting up 802.1x authentication via AD on Aruba IAP.

Do I need to have Clearpass appliance installed in order for it to authenticate?

I have an existing installation of Dell Netextender on my home computer and need to know how to change the DNS setting.  

Looking for a cost-effective, appliance-based VPN solution (preferably clientless) for small business.

We have a number of small clients that we have been using the Netgear fVS-336s with a lot of success but they are no longer supporting it.
Some users remain on as much as 8-10 hours per day.


We have this script to delete phishing emails from our organisation, however we also have these requirements:

1)      We need to add into the search-mailbox after -searchquery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example, would be all emails containing subject “RE: NOTICE: MC Support UPGRADE.” however only emails received after 01/03/2018. I assume we can just do -searchquery “Subject:’Content of Subject’ AND ReceivedDate:>01/03/2018” or something like that?
2)      We need to be able to search for subjects with special characters in. –searchquery “Subject:’RE: NOTICE: MC Support UPGRADE.’ Will currently give an error as it won’t like the : in the subject.
3)      We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was “RE: Attention (Staff Migration)” which could be very close to something we actually send to users. The phishing email only came from a certain email though, so if we add an extra criteria for sender, that would help us focus the search.

Please can someone show me how to achieve this?

Also, I would appreciate it if you have any other suggestions for improvement.

$mbs = Get-Mailbox 

What are some basic steps I could take to ensure our network is secure from outside intrusion?  We have a SonicWall and Sophos Anti virus, but what other things can I do to make our network less apt to be attacked?  What holes can I test and plug?
I have folders on a network share that are constantly moved. Is there a way to lock down folders on a share drive so that they never can be moved?

People move a folder without knowing it and  the next day we have to look for it

The file servers are Windows Server 2012 r2
I'd like to ask the experts here what you'd say are some ways and ballpark costs to block people from accessing 'adult sites' in a work environment?  Mostly at a PC on the office domain. But there's also wifi they could use.

Some background:

It's an SBS 2011 Standard domain with 7 users at desktops. There's a low end Cisco router (RW-215).  There's 2 wifi VLANs - an office SSID and public SSID supplied by a group of Ubiquiti unifi UAPs

Depending on cost, they'd want to block adult sites on office VLAN for sure, and maybe public VLAN

I haven't dealt with this in a while.

I remember Open DNS had a (free?) service that allowed category blocking? But the devices had to use OpenDNS DNS servers. Enforceable for desktops, but not enforceable on employee wireless devices and not on people's devices on public wifi

Having not dealt with this in a while, my vision is that it's never 100%? Sites are always popping up - that won't appear on lists of sites to block - and if people are motivated to get to them, they most likely can.  If the public wifi VLAN is not site filtered, they can use that.  Or heck, they can use cellular if they really need to see porn at work.  I would think they just make an employee policy not to go to those sites rather than go through the trouble of technology to get them to behave?
I need to whitelist several IP addresses to acquire PCI compliance for my in-home business.  My router is an Arris nvg589.  How to do that with this router/modem?

Hi Everyone

What is the best practice for gateways? For example we got blacklisted a while ago and public IP is still blacklisted on spam rats. It says about reverse lookup not being set up.

The exact message is "Does IP Address comply with reverse hostname naming convention". While letting my ISP know, we were told to liaise directly with spamrats, which I did, but the IP has not been given the OK by spamrats. I think that they want us to set reverse DNS on the gateway.

1) What is the best practice for gateways?
2) What happens if I give it a name with my domain?
3) Does it interrupt my traffic?
4) Do I have to change my firewall rules based on the name change?
5) What all do I have to do to get this done?
6) What is the whole purpose of reverse DNS on a gateway, as I was told by my ISP that they only set it up if told by a customer to do so?
Can anyone share security policy documents on Sophos Firewall, and also a Server 2008 R2 Group Policy document?

I am currently experiencing an annoying VPN issue

I have a WatchGuard M300 cluster based in datacentre 2 which has an existing site to site VPN to datacentre 1

The same customer has a satellite office with a Watchguard xtm33 that has a site to site VPN to datacentre 1.  The satellite office is double NAT'ing, with an external IP in a 1 to 1 NAT direct through to a private IP range that is the external interface on this Watchguard.

Datacentre 1 will be turned off soon so I need to connect the satellite office to datacentre 2, however when I set it up I get a timeout error on the datacentre 2 side (it's like it cannot even see the external interface, never mind start negotiating) and the satellite side doesn't even attempt to start the VPN.  I have checked all of the settings, all traffic is definitely being passed through the satellite office's provider interface and other services are working.  As there is a VPN in place and working on both sides I cannot understand why the issue exists, but it seems buggy.  The firmware on the satellite WatchGuard is old, it's the only thing I can think to change.  Or it's the 1 to 1 NAT, never had an issue before but it's a question mark.
My wife had her Gmail account hacked some time ago. Google admin shut down the account for a couple weeks before reinstating it. They restored the account after she proved it was her account.

When her account was restored though, it now forces 95% of all incoming mail to the "trash" even though it is from trusted emails and replies to her emails.  She uses Safari browser.
When I enable HTTPS Content Filtering in our SonicWall CFS, connectivity to Office 365 breaks very slowly. It might be fine for awhile, but randomly some users start to have Outlook issues where it says "trying to connect" at bottom of Outlook but eventually it says "disconnected", and then no mail comes down.

I have added all domain names listed here and here to the Allowed Domains list, in every permutation like https://, *., and just as shown on those links, but Outlook still slowly fails. To get everybody back up running, I have to go back into the CFS and disable HTTPS Content Filtering.

Hi guys,

We've found a Key Logger on someone's PC in our U.S offices. The trojan is Trojan.Boaxxe and it has indeed spotted 'Spyware.Ursnif' all over the place. We had some fraudulent activities occur in November 2017.

I've even included the snapshot for you of the findings. When I go to the .txt files you can see, it definitely has November dates which is when the frauds occurred. However, if I go to the 'Trojan.boaxxe' location which is in the Appdata\Local\YJPack location, the date for that is 2015. I'm trying to work out when the actual keylogger was installed.

Is there any way of finding that out? And how on earth would a keylogger have been installed? Would it usually be through a manual installation or a possible script via phishing etc?

Thanks for helping
Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
We've had Symantec Backup Exec 2010 running just fine on this server but all of a sudden its services keep on stopping all by themselves and we have to keep on restarting them, but, it's unusable at the moment.

The admin password hasn't changed, I re-entered it for all the services, but they keep on failing all by themselves.

I've restarted the server as well, tried a repair, but nothing has helped.

Any thoughts?

The OS is Windows Server 2012, Backup Exec is up-to-date.

Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Looking for the security of a Web Application Firewall, with the least amount of work.

I have been told I needed a Web Application Firewall (WAF) and wonder if it's smarter to use a Web Cloud based WAF? It's for a .NET MVC App. running on IIS.

It sounds like it's a smart way to get security, without first needing to become an expert in it. And to know they are always on the lookout, making their system more secure, would let me rest easier.

Any good names you can recommend?

Also, how difficult is it to "build our own?" What kinds of customization capabilities would we lose, if we went with a Cloud based version?

How long might it take to deploy a cloud version of the WAF?

If I wanted to use AWS, for example, must I also host my website with AWS?

Office 365 Business Premium. I need to add all needed domains to my LAN firewall web content filter, so that they are allowed and not blocked. Is there a place to get a list of all domains that O365 BP needs access to in order to function properly? I found a page by MS but it was a mile long, I'm hoping there's a more concise way to do this.

I was reading some material on netcat usage.  There are a few references to using netcat for a relay using FIFO  (mknod backpipe p).  Also mentioned was using the next_hop argument.  I have never used that syntax and can't really find much information on it.  So the command is:
nc -l -p 12345 0<pipe | nc next_hop 54321 1>pipe

I don't know what the next_hop is referring to.  

I've always done it like this where I specify where the client will connect ( port 54321):
nc -l -p 12345 0<pipe | nc 54321 1>pipe

Any explanation on how the next_hop works would be appreciated.
Hi All, looking for a pen testing solution we can use to test our external and internal network, what do you recommend?

Are there any useful IT risk frameworks that are applicable in general terms to any IT organisation? I appreciate risk is organisation specific but high level risks around systems availability, security etc. are common to all. I was after a baseline of common risks and wondered if these have been defined in any top level framework in which to assess our mitigations/controls.
I need to block all attempts at URL Hijacking. Please review my RegEx and my approach...

I will persist the whitelist in a config file.

            sampleRedirectUrl = "";

            redirectWhitelist = "|";

            string regEx = @"https?://(" + redirectWhitelist + ")/\\?(goto|returnurl)=https?://(" + redirectWhitelist + ")";

            bool isMatch = Regex.IsMatch(sampleRedirectUrl, regEx);

I verify that both the base URL and the RedirectURL are in the white list.

Does this block all attempts at URL Hijacking?

I also worry that if I key off of "?goto=" (since that is the URL that is coming back to me while debugging in Visual Studio) I would reject the standard name:

I think I need my RegEx to allow either "goto" or "returnurl". Is my use of the OR symbol correct to force "goto" or "returnurl"? Is there ever a worry about failing ReturnURL due to case?

Skype friend (who uses Skype on computer. Maybe uses Skype on Android) is sending

What do I tell my Skype friend?
Change your password?
What if the password is already changed and the Skype friend cannot get inside the account?

This type of attack is common with Microsoft acquisitions Skype/Hotmail,
where the attacker sends a message to the whole contact list.
We have Watchguard m400. The firewall is blocking EXE download. I want to allow only help desk to be able to download EXE, drive etc. How can I do this?

