Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

Q1:
What's the criteria / justifications for installing a WAF?
We were asked why there's a need & justify.

Q2:
So if we have a web server that is served to the public/Internet,
that's when we need one or even if there's applications server
such as java app servers (eg: Weblogic, Glassfish, JBoss), it's
applicable as well?

Q3:
Or as long as there's "Web application servers", WAF is
applicable & what's a "Web application servers"

Q4:
It's basically to circumvent applications vulnerabilities (eg: those
listed by OWASP)?  

Q5:
If applications are already coded strictly according to Secure
Coding (XSS, injection, CSRF, inputs validation, ...), do we still
need a WAF?  I've heard WAF protects against DDoS as well
but the ISP we hosted our web services already offerred
DDoS protection
0
Redefining Cyber Security w/ AI & Machine Learning
LVL 1
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

What "security lockdown" method (i.e. Symantec EndPoint Mobile, etc) do you recommend for corporate Verizon Android phones that are connected to a 200 user onPremise Exchange Server to somehow lock down so users cannot

  1. install APPS on their phone, only allowing UPDATES for existing "IT approved" apps to work
  2. browse to websites that are on a blacklist/etc
0
We would like to know EE opinion on wireless cams system.  We have been presented with Lorex wire free 4 cams system.  We know nothing 100% secure and everything is hackable, yet we would like you opinion how secure is this type cams really are.  And maybe any specific brand you guys have worked with.
0
For Cisco AnyConnect VPN access to work, I'd prefer not to buy a 2nd computer and keep it fully patched.

I considered maybe making a separate "Work User" on my home pc and only use it for VPN access.

However, theoretically,  because my everyday windows user profile has admin rights, should it become infected, it could write startup items for other users on the same machine.  And, I suppose it could infect the boot loader.  (I'm not sure how likely that scenario is).

Because Cisco AnyConnect VPN has lots of system requirements, I'm guessing I couldn't boot from a BART_PE flash drive.  (Does AnyConnect verify windows patch level and anti-virus status - stuff that wouldn't be up to date on a windows flash drive)

What's my best option?

Thanks in advance for all thoughts and opinions.
-Mike
0
I have installed security onion on virtual machine. On Real Time events, I´m only seeing when the events are for my virtual machine IP. What I´m doing wrong ?
0
External RDP setup for Windows Server 2016:  The firewall gets a response AGED-OUT from server:  The traffic is allowed but no response from Server:  

New Windows Server 2016:
The network firewall are ok because I've reach out to networking and they confirm.  We have allowed RDP on a specfic non RDP port for one IP:

For security I'll Mask. Vendor IP and PORT

IP X.X.X.X = vendor IP
RDP port XXXXX = I changed from 3389 to a new 5 digit:

In Network Reg I changed the port number:  I followed this:  https://kb.iweb.com/hc/en-us/articles/230242388-Change-the-Remote-Desktop-Connection-port-to-your-Windows-Server  (RDP PORT.jpg)

I've allowed RDP  - RDPuser.jpg RDP enabled.jpg


I've added incoming FW rules:  RDP FW RULE  
I read on some forum you need TCP and an UDP rule for RDP.  Both have the same new special port #

What am I missing?  I've been banging my head on this one...
0
Domain PC's keep asking for Outlook credentials to be entered - which sometimes work .

OWA works fine.

This has started 2 weeks ago and appears to be spreading across machines.

Some systems report - Error: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Any ideas ?
0
Dear Experts, we  have  these devices, can you design a network diagram that provide HA, security, VPN and reliability ? We have 500 users, 30 servers VM in 4 physical hosts, would like to separate server farm and user LAN. It can separate Internet connection as well

3 x Firewall sophos XG310
3 x Core Switch Cisco 3850 48ports
2 x Access Switch Cisco 2960 24ports
20 x Access Switch Cisco SF200 48ports
All connection is CAT6

Many thanks in advance!
0
I'm having a little problem and I hope you guys can assist me with it, I have 5 VLans --- this is the setup on PFsense

LAN-VL10-VL20 all use the dns resolver and is filtering web content via squid and pfblocker

VL30-VL50 uses the DNS forwarder on port 5353 and arpa back to Vl20 on ip address 192.168.20.1

Vl40 is uses the isp dns and do not use the resolver or dns forwarder - this is the guest network

The problem is Squid and PFblocker does not filter content on these three network  Vl30-Vl40 and Vl50

All these interface are selected in the interface section on squid and on PFblocker.

Any Assistants will be greatly appreciated
0
I have a new client with a light speed web filter appliance. It's currently licensed for just web filtering. Does anyone know if they also offer licensing for virus/malware filtering and detection? I am waiting for a call back from sales but this is time sensitive.

Thanks
0
Firewall Management 201 with Professor Wool
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Hello I'm in the middle of running SCAP scans on our systems, currently in a closed loop enviroment trying to get all system compliant.  Had to remove myself from Domain Admins group, created a new Security Group "Local Admins" placed this group in the Builtin Administrators group.  FIrst issue I created a new Policy to add this newly created SG into local admin group on all machines, following the instruction from the following article - https://community.spiceworks.com/how_to/907-gpo-to-push-out-local-administrators-across-a-domain I've waiting 3 hours, rebooted serveral times, ran gpupdate serveral times can't get this group to add to admin group.  Second issue one of our shares sitting on server 2016 I cannot access, "Access Denied".  I've added the newly created SG with Full Conrtol as well as my account to top leverl and granted full control no access.

Thanks.
0
I've been tinkering with React JS for the past several months now, and just have some questions.  I'm not looking for code .. just information and maybe some links.  Please advise.

1) I'm a bit confused about how security is maintained in React based applications.  I understand that the JS and CSS files get minified and bundled during the build process.  But what about the API keys and login credentials that are buried in the JS files in the site root when deployed?  Can't anyone just view source and extract that info, ... however obfuscated it might be?  I've always wondered why the tutorial videos I've watched never get in to any of  that.  What is it that I'm missing or not understanding?  

2) Why would I ever need or want to use Redux in my React based application?  My understanding is that it would facilitate something like "multiple undo levels" .. or work similar to a web browser's "back" and "next" buttons.  Am I correct in assuming that it's mostly used for debugging / troubleshooting purposes? If not, then what's an example of real life use case scenario?

3) Regarding the new Context API .. is it being regarded as an all-out replacement for Redux?  Or are the two fundamentally different?  If so, how?

4) What other real-time databases are available besides Firebase that work with React, if any?  I'd be most interested in 3rd-party hosted solutions (like Firebase), as opposed to database engines that you'd have to install and configure on your own server.…
0
I have a samba domain on ubuntu. i create a security group ssh_grp. how to say ssh that only member of this group can login.
"normally all domain user can login. ssh user@server   it's ok"
i wrote:
AllowGroups domain\ssh_grp
DenyUsers *
in my sshd_config.
but it's not working i restart and change port 22 from ssh.

from cmd i say ssh user@server -p "port"
i wrote the password
permission de....
0
If you needed to get some clues on what a user 'did' when they logged into a domain joined windows 7 machine forensically where are the obvious places to check. I know there are 'recent' folders with lnk shortcuts to see what files they have accessed..
But interested to know what other artifacts could be turned to for a fuller picture.
. Eg what apps were opened/launched.
0
Laptop was stolen from Starbucks.  Is there a way to track the whereabouts of the laptop?  It's not an apple machine.
0
Don't have much documentation at my new place and I wanted to know where to begin to understand our DR/BDR information.  I specifically wanted to know what it costs the company to be down for an hour or a day and so forth.  Since we don't have much documentation, it is really hard to understand or where to begin.
0
We have a Sonicwall Firewall NSA 2600 and it is configured to not allow access to sites with SSL certificate issues, such as self signed, expired, untrusted, and so forth/

Beginning Monday morning, any attempt to access a Microsoft website is being blocked. First SSL block that occurs is untrusted root CA. I have triple checked and then triple checked the triple check and the Sonicwall does have the Baltimore Cyber Trust Root CA certificate installed and the serial number matches but it keeps saying Untrusted Root CA.

To get past that temporarily I disabled checking for untrusted Root CA and now it is giving an SSL block saying Certificate Chain Not Complete. I was able to find the correct intermediate certificate "Microsoft IT TLS CA 5" and imported it into the firewall certificate store. The serial number matches and the issued by is correct. However, the problem continues.

Is anyone else having any problems with Microsoft secure websites or have an idea of what to look at? I am very knowledgeable about SSL certs and certificate chains and such but this has me stumped.

This is affecting all Microsoft websites including Live.com, Bing, MSN, TechNet and MSDN any site that requires a secure connection.
0
Dear Experts, can you please suggest pros and cons of this diagram? Any suggestion please?

aqua.PNG
0
https://www.cscollege.gov.sg/programmes/Pages/Display%20Programme.aspx?ePID=pe8r29gaqc5voaoitct59bdi3m

Referring to the above, I've been googling for IM8 (Instruction Manual 8 for ICT)
to download but can't locate one.  Anyone knows where to download a copy
without attending the training?  A slightly outdated (say 2 yr old) copy is fine.
0
INTRODUCING: WatchGuard's New MFA Solution
LVL 1
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

getting an exception  very rarely.  exception throws at webServiceTemplate.sendSourceAndReceiveToResult().

org.springframework.ws.client.WebServiceTransportException:  [500]
        at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:699)
        at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:609)
        at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555)
        at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:506)
        at org.springframework.ws.client.core.WebServiceTemplate.sendSourceAndReceiveToResult(WebServiceTemplate.java:446)
        at org.springframework.ws.client.core.WebServiceTemplate.sendSourceAndReceiveToResult(WebServiceTemplate.java:436)


My client code -
 StreamSource source = new StreamSource(new StringReader(request));
        StreamResult result = new StreamResult(new StringWriter());


        final StreamResult soapHeaderResult = getSoapHeader(parameters);

        webServiceTemplate.sendSourceAndReceiveToResult(
                source,
                webServiceMessage -> {
                    SoapMessage soapMessage = (SoapMessage) webServiceMessage;
                    // formulate soap header using a simple xslt transformation
                    // the transformation copies the Security and Message Header
                    // from…
0
I want to display only the installed antivirus (in my case is the last item) and not all items of the collection, for example, it shows me:
Windows Defender
Malwarebytes
ESET Endpoint Security

So I added an ArrayList whose purpose is to display only the last Item which is: ESET Endpoint Security
wscript.echo GetAntiVirusName
Function GetAntiVirusName()
Set objWMIService = GetObject("winmgmts:\\.\root\SecurityCenter2")
Set colItems = objWMIService.ExecQuery("Select * From AntiVirusProduct")
On Error Resume Next
If Err <> 0 Then
	GetAntiVirusName = "No AntiVirus "
Else
	Set ArrayList = CreateObject("System.Collections.ArrayList")
	For Each objItem In colItems
		ArrayList.add objItem.displayName
	Next
End If
GetAntiVirusName = ArrayList(ArrayList.count-1)
End Function

Open in new window

How to know if there is no antivirus installed by this function?
If you have any advice to go, I am at your disposal, to improve it!
0
Dear wizards, can you please recommend some best models of Firewall appliance?

The requirements are:
- Can detect and automatically block network attacks (IDS/ÍPS), virus, worms, volummetric ...

- Including routing, HA, failover features

- Reliable
0
Looking for a better security solution for home directory listing buzz in.  
Due to the increase mail package thefts, HOA proposed to completely remove remote buzz in option.  Currently visitors dialing the code downstairs, call comes to resident's cell phone,  and by pushing '9' the door unlocks;  If we remove that option the resident has to go downstairs to open the door to the visitor. Definitely inconvenient option.  But could be safe. Recently we even noticed the food delivery guys stealing packages on the way out.

My idea to improve it is to add a small cam downstairs.  When someone dialing in the call comes to resident's smartphone.  Resident immediately see shows coming in and make a decision to buzz person in or not.   Can this be implemented for a building of 50 units?  

Any ideas appreciated.   Thanks!!
0
Hi,

I have been looking at ways to improve my knowledge and skills in IT security as i am running into a lot of hacking/phishing attempts on my clients.
I only support small businesses and individuals running their own businesses, typically the market that does not have access to an IT dept, making them less agile in dealing with breaches/hacking attempts.
Can someone suggest some certifications/courses, knowledge bases where i can get more information and skill sets that are RELEVANT to protecting small businesses and individuals. I want to be in position where i can understand the fundamentals and concepts of various hacking methods and react accordingly on behalf of my clients. I already put in place many policies to protect my clients data , but this is an ever evolving arena so i want to remain relevant.
I dont deal with Enterprises so i am not trying to be the next Troy Hunt, that is not my expertise.

Many thanks

D
0
Is it considered a good practice to have an open wifi network run through the same switches and routers your business network is going through? The open WiFi is on a separate VLAN, however, I am concerned that Denial of Service attacks can still be implemented on the wifi VLAN and used to target the switch interface or even the router interface bringing down the business connection as well.
0

Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.