Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am in the process of changing out a file server.  It is the only server on the network.
Access to the internet is through a WatchGuard XM25 appliance
The Domain name is the same, but the DNS has changed.  The WatchGuard provided internet connection for a few minutes, and now there is no internet connection.  I can remote into the network with the WatchGuard SSL-VPN utility, and access the computers.  

Any thoughts on why I cannot access the internet from behind the WatchGuard Appliance?

The old server was 2008R2 and the new server is 2016Standard
0
Exploring SQL Server 2016: Fundamentals
LVL 13
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

I downloaded an apps called Fing in my iPhone.  That apps Pings, Speed Test, Trace and finds open ports.  I ran "find open ports" to see my Desktop and gave 3 ports open results can be seen in the attached image.

Question, the 3 open ports found open on my desktop 135, 139, 445,
- what exactly is open?
- Should they be closed?
- What is you recommendation.
0
I'm using OpenVAS CE 4.2.24 (Virtual Appliance), and i've few scan tasks yesterday.   I would like to export all the results as a single PDF, with only meaningful information.
How can we export scan results?

I see how i can export them, 1 by 1 but when i go to the result, i can't export in anything else than XML.

Thank you
0
How does ASP.NET – "SameSite Cookie" block XSS attacks?

Please give me a quick view under the covers how this .NET Framework Version 4.7.2 feature helps stop XSS attacks.

And how is it that an MVC site did not have this exposure with earlier versions of .NET Framework?

Thanks
0
I need tools / ways to test our new WAF (to be set up in UAT VLAN) for
a) Brute Force : what's the commands/syntax if I use Jack the Ripper or any other suggested tool?
b) DDoS volumetric & application
c) OWASP top 10 (eg: XSS, SQL injection, CSRF, Cross-Frame-Site-Forgery/Clickjacking, insecure file upload)
d) Rate-Limiting : can I use the command line browser  'wget' to load a page many times to simulate?
e) any other aspects to test?
f) virtual patching (eg: if a patch is not applied & the WAF has a rule/signature for Wordpress/PHP)

I don't have access to Kale Linux (but possibly an RHEL VM in UAT) to run Metasploit: hopefully there's
a Metasploit for RHEL (but do suggest how to use it to test)
0
We have ran a scan on our environment and we have servers OS's like 2008 R2, 2012 R2, 2016.
The scan came back complaining about the following:
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

How do we resolve this on these server so that this is not an issue any longer with them?
0
I'm exploring if Rapid 7 can be used to track patch status (what patches are applied on which dates
& which ones have been released but yet to be applied) of our Solaris, RHEL 6/7 & Windows servers
as well as configuring it to do weekly scan of CIS hardenings (including for Cisco switches/routers).

Any document/materials on how to configure to check for patch status & CIS hardenings are
much appreciated.
0
Refer to attached:
need to clarify on the red-text items in the excel :
what are the usual industry-practice settings like
whether "occurs 10 times/minute" : is this the usual
setting or hackers usually will attempt 5 times/0.5min?

From our network IPS logs, have seen variations in
attempts (by blacklisted source IP addrs) in making
3-10 attemps over various time horizons.

Appreciate any comments/inputs on the red-text
items in the attached use cases which we're going
to adopt to finetune our SIEM/SOC
SiemSocUsecases.xlsx
0
Got a threat intel below.  

Q1: Is O365's Exchange Online 2016 affected?
Q2: If so, does applying any one of the mitigations listed in Point 4 below suffice?
Q3: If we cache a copy of our NTLM in O365, does this make this vulnerability inapplicable?
Q4: Is this a critical, high, medium or low vulnerability?  Any CVSS scoring for it?

1          A researcher had reported vulnerabilities affecting Exchange Web Services (EWS), a feature found on Microsoft Exchange servers. The Microsoft Exchange Server are installed by default with access to many high privilege operations.  A successful attack exploiting the NTLM authentication traffic can allow a remote attacker to gain the privileges of the Exchange server. The proof-of-concept tools are publicly available and there are currently no available patch for the vulnerabilities. For more information, please refer to Annex A.

2          If an attacker has credentials for an Exchange mailbox and is also able to communicate with both the Microsoft Exchange server and a Windows domain controller, the attacker could gain domain administrator privileges. If the attacker is in the same network segment as the Exchange server, the attacker could also perform the same attack even if the attacker does not have the credentials for the exchange server.

3          The affected products are Microsoft Exchange 2013 and newer versions.

4          As there are no available patch currently, you are strongly encouraged to perform the …
1
Hi All,

I am using XTM 25/26 Watchguard firewall in the company and many of the remote users are connected through Mobile SSL VPN. Everything was working fine with no issues and last after internet connectivity break down and restoration no one can able to login using Mobile SSL VPN.

I have checked everything but couldn't understand the issue. Can anyone help me with this?

Few points :

1.  Firewall OS is not upgraded
2.  No new rules is created
3. Reinstall SSL Client software, Create new user with new password. Can login to Webpage of SSL  (https://Firewall IP/sslvpn.html) and able to download fresh software. De-activate and Re-activate Mobile SSL VPN.
4. Internal Network 192.168.1.0/24, Virtual address pool 192.168.111.0/24

Here is the diagnosis report.

2019-01-23 10:43:32 sslvpn sslvpn_event, add entry, entry->virtual_ip=0.0.0.0, entry->real_ip=192.168.1.88, dropin_mode=0
2019-01-23 10:43:32 sslvpn Mobile VPN with SSL user Mitul logged in. Virtual IP address is 0.0.0.0. Real IP address is 192.168.1.88.
2019-01-23 10:43:35 sslvpn Entered in sslvpn_takeaddr
2019-01-23 10:43:35 sslvpn Arguments which needs to be sent:openvpn_add 0 1548200615 0
2019-01-23 10:43:35 sslvpn Going to open wgipc:
2019-01-23 10:43:35 sslvpn assign ip address, rip=c0a86f02, lip=0, common_name=0
2019-01-23 10:43:35 sslvpn Sending Data by wgipc to sslvpn_takeaddr is Success,Buffer:192.168.111.2:0.0.0.0:0
2019-01-23 10:43:35 sslvpn Success,Sending Data to …
0
Why Diversity in Tech Matters
LVL 13
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

We have found Apache Struts Ver 1.x (yes, these are obsolete versions) bundled
with our Oracle Weblogic & Tomcat (& possibly in Oracle Financials which we're
reviewing).

Our apps colleagues said the applications don't make use of the Struts (though
we can't say with 100% certainty if any of the apps modules developed by past
app developers who had left did call the struts.jar).

Q1:
Does the presence of struts.* mean we are vulnerable or WL or Tomcat have to
call them (or in the codes, there are references to struts) for it to be vulnerable?

Q2:
What's the best practice?  To deinstall struts (since our apps colleagues said it's
not being used) or to upgrade to current version that offers patches (& keep
patching them)?

Q3:
To deinstall struts for WL, Tomcat & Oracle Financials, do we just remove the
struts.* files or is there a recommended way to deinstall?  We're on Solaris
10 and RHEL6
0
Local server security.

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security for my server especially. and devices.

WHich devices should I get and why?
0
Q1:
There are numerous Wordpress & PHP vulnerabilities:
Besides patching, which is more appropriate to provide a mitigation
(looking at virtual patching) between an IPS or a WAF ?

I tend to think WAF is more for XSS, injection, brute force, "file inclusion", CSRF
kind of vulnerabilities (that are related to Secure Coding) while IPS in general
will match the vulnerability patches from product principals.

Q2:
Correct me if I'm mistaken or is there a WAF (looking at Barracuda) that could
perform both WAF plus IPS functions?
0
I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a check list  for comparison to actual of:

-what our administrators should be alerted on from the AV agent / software installed any client device,
-what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV.
-What kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices or even all devices listed in other information sources such as AD, system centre or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption AV setup/config/management is pretty hard to get wrong but from some recent health checks for PCI DSS I noted on the findings many issues such as out of date signatures, AV not even running in some cases on devices etc.
0
Dear Experts, based on your experience, what are the important parameters that you will focus in defending DDoS attack when choosing Firewall model?
Many thanks!
0
hi guys

We have a load of Watchguard Access Points and they are connected to a Draytek 1100 PoE switch. This switch is then connected to our backbone switch which is a Cisco 3750.

We have set DHCP on the WiFi network that the access points are on in a way to be from 10.0.5.20 on wards and the management IP of this Draytek PoE being 10.0.5.6. Every single day, people complain about not being able to access the internet properly and then it fixes itself again. Then it happens again.

When they do complain, I end up not being able to access the management IP page of the Draytek on 10.0.5.6. This makes me believe that it is in fact this particular PoE causing the issues we are having.

Could that be the underlying problem?

Thanks for helping
Yash
0
A customer of mine has failed a PCI scan, mainly due to files stored on two bookkeeping computers, which contain sensitive data, like SSNs for employees, tax returns, and a small number of credit card numbers... Some of it is easy, old mailboxes, old emails, duplicate files, that can just be deleted.

Some of that data will need to be kept, though, possibly for long-term storage, but in a way that is PCI Compliant.

The credit card numbers are most likely internal, not customers - the business mainly transacts with their customers via checks, which are electronically deposited and then shredded when the accounts are reconciled.

What is the best/correct method to recommend to them for storing and accessing this data going forward that is both compliant and usable by not-very-technical bookkeeping staff?

They are a network of 10 total active users all running Windows 10 Pro, and joined to Active Directory via Windows Small Business Server 2011, and do have shared file access on the servers. For compliance, I'm thinking it would be best to have this data on the server, where it is assuredly backed up, and permissions are stricter, but does that create a more centralized potential point of failure?

Your advice and recommendations are appreciated!
1
getting alerts on mac for Symantec every minute for days, nothing is getting attacked on my network or scanned, Symantec mentioned i need to upgrade and i did but still annoying alerts


Screen-Shot-2018-11-19-at-2.39.49-PM.pngScreen-Shot-2018-11-19-at-2.39.49-PM.pngScreen-Shot-2018-11-19-at-2.39.12-PM.pngScreen-Shot-2018-11-19-at-2.38.38-PM.png
0
Hi,
We have setup an internal VLAN on our WatchGuard for Guest wifi access. The vlan works as expected and anyone who joins gets the expected IP address/ can browse the internet no problems. What we cant it to do is to work correctly with outlook web access. For some reason whenever I try the owa address I get redirected to the watchgiard ssl login page. If I try on any other external connection it works fine. I have tried an nslookup on the new guest wifi and our other external connections and they all point to the correct external address. ie if I am connected to one external wifi and try to access the url xxxxxx/exchange it work fine and an ns lookup is pointed to the correct external address. If I try and accesss xxxx I get presented with the iis page. If I try the same when connecting via the guest wifi, the nslookup shows the same external ipaddress, however if I try to goto to xxxx/exchange I get a 404 page not found error and if I browse to xxxx I get the watchguard ssl login page.

What am I missing?

Cheers,
Paul
0
Learn SQL Server Core 2016
LVL 13
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

In general, does Non Disclosure Agreement covers
a)  information should not be disclosed even verbally?
b) accidental divulging of sensitive information?
c) that a vendor is working for this specific customer on a specific project?
d) the size of the data or database of the customer?
e) the value of the project?
0
We have 3 apps that a user runs on his computer every other day: 'SUPERAntiSpyware', 'Spy-Bot Search and Destroy' and 'Comodo Antivirus'.  The user runs the 3 apps at that same time whenever cleaning up is desired.  The user would leave theses tools running overnight.

The app 'Comodo Antivirus' never finds a virus.  The apps 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' always finds spyware.  In  the morning the user would first click 'SUPERAntiSpyware' to delete or isolate the threats reported and then do the same to 'Spy-Bot Search and Destroy'.  Finally restart the computer.   Note, prior running the apps, the user would run cCleaner to cleanup any junk in his drive.

To-Date, there is no problem we have identified and all seems to be ok.  Our question is more directed to know EE opinion on:

  • Why 'SUPERAntiSpyware' and 'Spy-Bot Search and Destroy' display different results?
(Spy-bot would show registry entries and superantispyware would show files)
  • Any negative effect by running these 3 apps simultaneously?
  • Finally, is it necessary to run cCleaner prior running the apps?
0
We have a new 2nd building on property we own.  someone got verizon fios at the 2nd building (it was already in the 1st building).  They are about 1,200 feet apart with line of sight.

We need the 2nd building to be able to access the network in the first building (and minimize costs).   the 2nd building will have 1 -2  users and MAYBE some file transfers between the 2 buildings, but mostly email, web surfing

I'm trying to see the costs for connecting the 2nd building to our existing network / do we need fios at that 2nd building

Some options I thought of?

1) Setup a VPN - we have a watchguard at building 1 already and that has a VPN to another office in another state.  So add a Watchguard unit for $500? at building 2 and some config time / costs.  and still have the fios ongoing costs.  Anyone know the throughput of a vpn using Verizon fios at both ends?  it's lower than the speed you are paying for from verizon, right?

2) wireless? Maybe Unifi Nanobeam 5AC gen 2  

https://www.amazon.com/Ubiquiti-NanoBeam-High-Performance-airMAX-NBE-5AC-Gen2-US/dp/B0713XMHH9 

$113 each and we need 2 of them, plus time / moneh for hardware, mounting poles, etc. That  Would get 400Mbit which is fine (mostly email / web surfing etc at the far end).  But What if we want gigabit on wireless?  Is that doable at a reasonable cost? And can cancel the FIOS

3)  Fiber? I called Lanshack.com and they are saying the fiber cable would need to be outdoor rated (regardless of being …
0
Hi,

We use Mitel 5212 IP Phones. we are trying to get them to work on a custom VLAN setup on a watchguard m500 firewall. We have created the custom vlan and the ip scope which works fine. I have mimicked the DHCP options from our windows based dhcp server, however this didn't work. On the DHCP windows based DHCP server the options are:

128 Mitel TFTP xxxx.xxxx.xxxx.xxxx
129 Mitel RTC xxxx.xxxx.xxxx.xxxx
130 Mitel IP Phone Identifier MITEL IP PHONE
132 VLAN for Mitel IP Phone 0x3
133 priority for Mitel IP Phone 0x6

On the firewall dhcp scop options 9All custom)
Code       Name                                 Type            Value
128         Mitel TFTP                           IP                  xxxxxx
129         Mitel RTC                            IP                    xxxxxx
130        Mitel IP Phone Identifier  Text              MITEL IP PHONE
132        VLAN for Mitel IP Phone   Hex              3
133        Priority for Mitel IP phone Hex             6

When the phone eventually boots it gets a crazy VLAN id. Any clues as to what I am issing, or a how to guide on getting the IP phones to work?

Cheers,
Paul
0
Hi.  I am trying to map ports to an internal IP from any outside IP on a Watchguard firewall.  Version 11.9 Firewire XTM Web UI.  No matter what I do, these ports will not open.  Unfortunately, not as familiar with Watchguard as I should be.
Any idea why they will not go through from the attached file?
Watchguard-pdf.pdf
0
a) https://en.wikipedia.org/wiki/Ceedo  ==> has local distributor/partner, on-prem
b) https://www.garrison.com/                 ==> on-prem, cloud-based coming up
c) https://info.authentic8.com/               ==> cloud only

Trying to narrow down which of the above 3 solutions to adopt for safe Internet
browsing.

a) uses CDR (Content Disarm & Reconstruct) : how good is this in making the
    Pdf, MS Office files safe? O365's  SpamHaus is not sufficient (still getting
    spams) & lacks defense against malicious attachments & users clicking
    on phish links in emails, can Ceedo's solution do CDR for email/email
    attachments?  Can't seem to find anything in the wiki link above.
    It's not clear if they have proxy solution/feature in their product

b) this solution lacks in terms of proxy (for us to link to SpamHaus or add our
    Threat Intel's bad reputation IP & blocking certain categories like YTube &
    FB) & downloading of files: had to email the attachments & purchase
    proxy/CDR (eg: Deep Secure) solutions to integrate:  personally I prefer to
    cut down on integrations because when there's issues, vendors would
    point to each other.   By making users do downloads by sending email,
    it discourages users from downloading to their PC unless necessary:
    however, I foresee users will be unhappy with such requirement that
    they had to take extra steps to email files they wanted to be downloaded

c) offers cloud solution only …
0

Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.