Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Hi,

We have an APC Back-UPS Pro 1500 and an 8-Port 10/100Mbps Desktop Switch (TL-SF1008D).

We wish to plug our switch into the UPS in case of power outage.

The UPS requires a kettle plug be plugged into it.

We only have a power plug that would go into wall socket for this switch so it won't plug into the UPS.

How would you recommend we plug our switch into our UPS?

Thanks,
Robbie
0
Hi All,

We use WatchGuard Firebox as our firewall. Last couple of days it has detected and blocked a relatively high for us (100 hits) amount of activity it labels as MASSCAN Activity. I have traced this back to a handful of IP addresses. These tried to attack a couple of our web servers that we have to publish on the internet. Only ports 80 and 443 are open on these connections.

Is there anything etc I can/need to do to help stop this activity, or is it one of those things I have to live with as long as WatchGuard is blocking it?

Cheers,
Paul
0
I am trying to block HTTPS traffic using Trend Micro Deep Security.
There are no issues blocking HTTP traffic, but nothing is blocked when using HTTPS.

The main page for Web Reputation has a note saying that it does not block HTTPS traffic, but I wanted to find out if there is a way to block HTTPS traffic using Deep Security?

https://help.deepsecurity.trendmicro.com/Protection-Modules/Web-Reputation/ug-web-rep.html?Highlight=block%20https
0
I need to resolve an issue that's been frustrating me for a long time now.

I've got a small network that I use RDP to log in to and whenever I sign in to a server I get an error:

"The remote computer could not be authorized due to problems with its security certificate. It may be unsafe to proceed. The certificate is not from a trusted certifying authority."

Certificate mismatch I see when I use RDP
I have created a Self-Signed Certificate using myself as a CA. I can get this to work for sites in IIS, but not for logging into servers on my network.

I have placed the CA Root certificate in the "Trusted Root Certificate Authorities" folder on both the Server I'm logging into and my local Windows machine.

I've put a PFX version of the Certificate in the "Personal" -> "Certificates" folder.

I've put a PFX version of the Certificate in the "Remote Desktop" -> "Certificates" folder.

What am I missing here? Where do I put in the TLS Certificate and Root CA?
0
Converted a subnet of workstations to an existing domain.
Some workstations in this group are now not able to write to a fileshare.
The users are domain standard users.
The permissions appear to be there just fine.
The file "server" is domain joined as well.
The users are in the domain group giving access (full).
We have a number of these "file servers" and this is the first to exhibit this kind of problem.

Error says:
Destination Folder Access Denied
You need permission to perform this action

????
0
Hello there,

Our company is using O365 Exchange and recently I received a letter from a vendor that we work with to implement the standards below.

1. Transport Layer Security (TLS)
2. Sender Policy Framework (SPF)
3. Domain Keys Identified Email (DKIM)
4. Domain-based Message Authentication, Reporting and Conformance (DMARC)

Does anyone know how to apply these standards in O365 Exchange and what I will need to do?
0
Exchange 2016 CU9 security update failed, server rolled back. restored exchange services, Internal mail flow is ok. Sending externally ok. Receiving external mail being rejected, unauthorized relay tag in Sonicwall Security Appliance

Went into work with all of its services set to disabled. Brought the server up. I'm able to send/receive from internal addresses. I can send to external mail but I can't receive external mail. We have a SonicWall Email Security appliance answering email. We see the incoming mail making it to SW. Makes it to Exchange. But Exchange rejects it:


Arrived into gateway from: 54.240.8.95 on Mon Nov 4, 2019 at 20:50 GMT+10:00
Direction: Inbound
Arrival notes: None
Audit trail: techies@goguam.com
Identified as: Good
Message location: Bounced
Accepted by: 134.9.1.171:25 on Mon Nov 4, 2019 at 20:50 GMT+10:00

MTA response: 5.7.1 (delivery not authorized)smtp;550 5.7.1 Unable to relay for techies@goguam.com


In my SMTP protocol logging I do see this exception with one of the IPs:

2019-11-04T12:00:02.009Z,EXC2016\Client Proxy EXC2016,08D761029557F050,1,134.9.1.171:465,134.9.1.25:61825,>,"220 exc.goguam.com Microsoft ESMTP MAIL Service ready at Mon, 4 Nov 2019 22:00:01 +1000",

2019-11-04T12:00:02.018Z,EXC2016\Client Proxy EXC2016,08D761029557F050,2,134.9.1.171:465,134.9.1.25:61825,-,,Remote(SocketError)


So an Exchange update failed and disabled all services. Brought it back for internal mail flow. Trying to fix the receive connectors. I tried …
0
Hi,
We are receiving Windows Error 4625 "Audit Failure" every few seconds.
The logon type is 3.  The account name is "Administrator".  And the source network address is an outside IP address (which varies).
When the RDP services are turned off, the errors stop, but we need RDP on for a single remote user.
We have disabled the Administrator account from using RDP and changed the RDP port to something besides 3389.
A third party manages our firewall so we would like to avoid getting them involved.
How can we stop the constant errors from appearing in Event Viewer?  Is there a software firewall we could use that would catch the intrusions before they hit Event Viewer?  (We can specify a MAC address if needed, but not an IP address to block.)
0
I have created a GPO to add a user group to the local admin group on servers using the group policy preference using the method described in the link below:-
http://www.checkyourlogs.net/?p=22921

But it is not adding the group to the local admin group.
I set the security filtering on the policy to only my account and the Server account.
GPO is applied to OU where computer accounts reside.

GPresult /H does not show that policy as applied or denied.
What can I do to resolve this?
0
Hello Experts!

I am working on an ASP.NET application, in ASP.NET technology; the application is very old, from around 10 years back.
I am using this configuration in web.config:

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="UseCookies" timeout="20" cookieName ="DrainId"/>

As we know, session hijacking means that if someone steals/copies the session cookie and pastes it into another browser, then they can access any inner page of the web application.
How can we stop the session hijacking so that if the session cookie is pasted in another browser we can redirect such a request to the login page?

I copied the cookie this way so that I can paste it in another browser and open an inner page.
0
Q1:
Is blocking of Date of Birth, person's home addr & mobile telephone numbers a practice out there?
I think it's not feasible for Date of Birth  &  home address as they can come in countless formats:
1. dd/mm/yyyy
2. dd MMM YYYY
3. mm/dd/yyyy  : US format
4. yyyy-mm-dd
5. dd-MMM-YYYY
....

Q2:
For mobile telephone numbers reckon, it's not something sensitive or is it??

Q3:
Does the O365 DLP function have the capability to block Date of Birth??


Currently we use O365 to block NRIC  (sort of unique identification #) but
passport#  is something that varies for different countries & changes each
time the passport is renewed
0
How do I give ownership of a folder (C:Windows\CSC) and all child objects to the Domain Users security group (domainname\Domain Users) via PowerShell?
1
I am trying to run an audit on my Juniper SSG. It seems like there is a gap in the syslogs for over 1 month and I am trying to determine what happened, as the logs are missing.
0
I have a web-based file manager system that allows users to log on and browse folders and files via a php script.

I use the google doc viewer to display the files.

My problem is that if anyone works out the URL of the file, then they could bypass the file manager system and just access the file in any browser.

Please can someone advise the best way to secure access to the files with IIS from direct URL browser access, but allow the PHP script, and the google doc viewer, to access it.
0
I am trying to install an SSL certificate on F5, but I keep getting an Import error (screenshot attached). I have tried entering the password, and changing the option for Key security; it doesn't work.

The certificate I am selecting is in .pem format; I have selected .crt and .p7b as well, and none of them works.

Has anyone experienced the same error?

Thanks for your help.
0
How can I fix the security certificate trust for a server that is only accessed internally?

I have tried to install the cert but still keep getting the same error.   It is a Host server that I access all the time.     I can continue but it still shows the certificate error.  I can successfully launch the vsphere web client.   Just trying to eliminate the error.  I also get an error when I try to import a file into the Datastore because of the certificate error.    Is there a way to fix this problem?
0
Hi,

I have a user on a HP elitebook, and I have setup fingerprints in HP Client Security, but it doesn't work when trying to unlock his PC.

When he swipes his finger, nothing happens.

Nothing happens when he tries to log in with fingerprint either.

I installed the HP Client security manager, and he scanned his fingerprints no problem, and the reader is working because when we went back into HP Client security manager it asked him to authenticate with password or fingerprint, and he successfully authenticated with fingerprint.

Within Windows 10 itself, the sign-in options are poor. Fingerprint just says:  "This option is currently unavailable - click to learn more" and "Something went wrong. Try again later".

Please help, many thanks.
0
O365 Risk Watch and Fortify for Protection

I have a couple of questions about these two products. How do these 2 products work? Do they come under ATP?
0
I created a GPO to add some needed trusted sites to the local intranet in the security tab of IE which works fine. The only problem is that some users, because of their job function, need to add to this list but cannot because it is managed by GPO. Is there a way around this? We have too many computers in our domain spread across multiple locations so doing this manually is not feasible. We are in the process of integrating Force Point in our environment so adding the trusted sites is necessary.
0
We are having loads of trouble configuring a Site2Site VPN with a pair of Watchguard T35 firewalls.
Neither is configured pretty much outside of the initial setup wizard.
The current site 2 site vpn is stock from the vpn configuration guide from Watchguard.

We tried a number of different configs, but have currently deleted them to restart fresh.
Also we are trying to set the connection to initiate from SiteB to SiteA just to limit randomness, but can set bidirection or SiteA to SiteB as initiator.  Doesn't really matter to us

My theories may be off, so I'll just throw out the logs from each to see what you may think is happening.

Thank you in advance.


Site A
*** WG Diagnostic Report for Gateway "AA-to-TC-Gateway" ***
Created On: Tue Oct 29 09:22:49 2019

[Conclusion]
	Error Messages for Gateway Endpoint #1(name "AA-to-TC-Gateway")
		        Oct 29 09:22:35 2019 ERROR  0x02030015 Message retry timeout. Check the connection between local and remote gateway endpoints.


[Gateway Summary]
	Gateway "AA-to-TC-Gateway" contains "1" gateway endpoint(s). IKE Version is IKEv1.
	  Gateway Endpoint #1 (name "AA-to-TC-Gateway") Enabled
		Mode: Main
		PFS: Disabled 	AlwaysUp: Disabled
		DPD: Enabled 	Keepalive: Disabled
		Local ID<->Remote ID: {IP_ADDR(A.A.A.A) <-> IP_ADDR(B.B.B.B)}
		Local GW_IP<->Remote GW_IP: {A.A.A.A <-> B.B.B.B}
		Outgoing Interface: eth0 (ifIndex=4)
			ifMark=0x10000
			linkStatus=0 (0:unknown, 1:down, 2:up)
		Stored user messages:
		        

0
MyPhoneExplorer 1.8.12 released      2019-06-17

They say:
Simply explore your Android phone !
Connect your phone via WiFi, cable or bluetooth and you'll be surprised how easy and efficient it will be to manage your phone with our software. Since its first release MyPhoneExplorer evolved into the most popular freeware tool for smartphones. The software is constantly updated with new features.

Anyone have experience with this app?

My main question: in syncing data, does the transfer between android phone and PC get sent encrypted, or can anyone read it?

Thanks!

OT
0
When you have a business that has, say, 5 Access Points in a building, is all you really need to do set the SSID and Security the same on all of them so anyone in the building can roam, at which point they will transparently move from AP to AP?

   That is more in the Client's ability isn't it?
0
We get an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally,
  IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-
  attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers & compromise of their PCs will risk compromising
the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each
department from each other:

a) the main exposures are from "Internet surfing" & emails access (lots of malicious attachments,
    phishing, spam emails seen in email gateways) besides USB ports

b) all other users belong to same trust domain as they read emails & surf internet (yes, the
     sysadmins are encouraged to surf internet on PCs not used to surf Net & read emails)

c) for workstations used for Industrial Control Systems/Operations Tech, they don't have email
    access & Internet surfing &  have been rightfully segregated as per existing set-up

d) To prevent lateral attacks, EDR, AV & email security (forwarding of malicious emails to
     other colleagues) are in place with SIEM for detecting such events in the pipeline

e) if we were to segregate every department (eg:…
0
Hi All,

I would like to create a "Dynamic" security group in Active Directory. So basically my need is as following:

I need a security group which will contain 3 computer objects. These computers will be reimaged every now and then, but they will always have the same hostname. I need those objects in the same Security Group after they rejoined the domain. A colleague of mine attended me on "Dynamic" Security Groups, yet I can't find any usable information. Does this exist? Maybe you guys have more information.

Thanks in advance!
0
Hi, I'm using the Quarantine feature from Watchguard and this creates a Quarantine website users can log onto. But the problem is that it's an intranet server and as such doesn't have an 'official' SSL certificate. I tried to create a self-signed one etc but I keep on failing ... could someone please give me step-by-step instructions on how to create a self-signed certificate and attach it to that website so that the browsers won't throw their security warnings anymore? Thanks!
0