Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [network-security]

58 questions
11
votes
3 answers

If public IPs are pinned to a single AS, how does BGP anycast work?

It is my understanding that public IP blocks are assigned from IANA, which assigns sub-blocks to RIRs, which assigns sub-blocks to ISPs, which assigns sub-blocks to individual ASs as outlined in this question: How are IP addresses actually…
turtlemonvh
  • 313
  • 1
  • 8
8
votes
2 answers

Security Considerations of AWS Private Subnet vs Private Security Group

AWS Virtual Private Cloud allows several ways of restricting access to devices on the VPC network from the Internet. 1) Place devices into a private subnet (no Internet Gateway). Each device can communicate with other devices using private IP's. No…
hellodanylo
  • 183
  • 6
4
votes
1 answer

VPN instead of VLANs

My network have about 8 thousand user, who work in multiple buildings. There is frequent employee turnover, which currently forces changes in the configuration of vlans on the switch ports. In addition, we have many device manufacturers in the…
Qmails
  • 41
  • 2
2
votes
2 answers

DigitalOcean Network Firewall allowing SSH connections on ports other than only 22

I have a droplet on DigitalOcean with IPv4 and IPv6 enabled. The droplet is behind a digital ocean network firewall with the following rules: Inbound: SSH TCP 22 All IPv4, All IPv6 HTTP TCP 80 All IPv4, All IPv6 HTTP TCP 443 All IPv4, All…
Ouss
  • 158
  • 7
2
votes
2 answers

How to block .git Folder serverwide on NGINX?

I have a question about blocking the .git folders server wide on a NGINX system. At the moment I'm playing around a little with NGINX, I actually use Apache. In Apache, it's actually no problem to block all requests to a .git folder server wide. Is…
Taoiseach
  • 21
  • 2
2
votes
0 answers

Does an IP lockout policy prevent most public RDP attacks?

My company uses RemoteApp to provide a "cloud edition" of our desktop software. The RDP port has been changed from default, and we run RDP Shield, which blocks the IP address after 5 failed login attempts. Each customer has their own Windows user…
Kyohei Kaneko
  • 121
  • 2
2
votes
2 answers

Apartment-wide single SSID / multiple password Wi-Fi network security concerns?

My apartment building is changing internet providers, and the new provider plans to install a network that will have a single SSID for the entire building. Each tenant will be given a unique password that is supposed to make it so each unit is…
bigreddmachine
  • 121
  • 2
1
vote
0 answers

Install SMBv1 client on win10 without admin or compromising security?

This relates to Sending files from win10 to SMBv1 server? but it is broader. Feel free to edit/move/remove. Windows 10 update 1803 removes all functionality of SMBv1 unless explicitly set so by admin, by using the windows procedure for installing…
bliako
  • 157
  • 6
1
vote
1 answer

Can user credentials from HTTP session be seen through Wireshark?

Can we get that info the same way we do for FTP since HTTP is a plain text protocol?
Yoane Maior
  • 21
  • 2
1
vote
1 answer

What to do with log entries indicating intended attacks at my server

Since last week I am running a web server (Apache2 on Ubuntu, accessible by IP only) and I reckon that I am most vulnerable now that I don't know well what to pay attention to, so I'll ask the experts just in case. When looking at the access logs, I…
doetoe
  • 111
  • 3
1
vote
2 answers

encrypting network traffic passing over 'untrusted' segment of Ethernet cable

let's say i have two office spaces in a multi-tenant building. landlord was kind enough to provide me with copper cat 6 cable connecting both of the disjoint spaces. i could just attach network switches at both ends and create a flat L2 network. but…
pQd
  • 29,981
  • 6
  • 66
  • 109
1
vote
0 answers

Wireguard VPN not making handshake

I'm facing a trouble, I have a server with Wireguard configured, with the keys generated by wg command line. I've downloaded Wireguard for windows and put the public's server key on client peer, and public's cliente key on server Peer section. Mu…
Fabricio Franco
  • 11
  • 1
1
vote
1 answer

Where does Ubuntu log TCP connections?

When doing some network security checks (on which I am an amateur) for my office PC, I discovered a few unknown tcp6 connections (with netstat -nt): Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign…
trisct
  • 113
  • 5
1
vote
1 answer

Blocking SSH access from WAN side of CISCO 890 to management plane

I've been round about the houses with this one for days, i've not found a solution yet that works. I haven't found a way to block the HTTP access to the management plane either, i had to give up and disable it completely. In my show run: ip…
Owl
  • 121
  • 6
1
vote
0 answers

Is there a way to modify specific IP options through iptables?

In IP header there is a option 130 - specified in RFC 1108, it adds some security options for IP packet, like mandatory access control levels and categories. My task is to try to modify at least level (it starts at 3rd byte of option) only by Linux…
kiyama
  • 11
  • 2
1
2 3 4