Questions tagged [network-security]

49 questions
0 votes, 2 answers

Should server be hidden behind a VPN for the SSH access?

We have three server instances, Nginx/PHP, PostgreSQL, and ELK stack. My idea is that the PHP server would allow public access for ports 22, 80, and 443, ELK server would have open port 5601 for public access, but all other intercommunication is…
djboris
0 votes, 1 answer

IPv6 vs IPv4 available subnets - enough or too less

I read a bit about IPv6 and found that usually you get assigned a /48 prefix address. Which gives you 16 bits for subnetting. Reading further assuming that you use /64 subnets you would end up with 65535 possible subnets with a lot of IP-Addresses in…
0 votes, 1 answer

Cisco Catalyst 2960 Allow Management from Single IP Address

Our organization was recently required to use MFA for logging into our networking hardware. We're accomplishing this by using Royal Server and Royal TS, and limiting the source IP for SSH and web GUIs to just the IP address of the Royal Server. HP…
emike09
0 votes, 0 answers

IPsec on ESXi - How to avoid inputting plaintext crypto keys in command line?

The ESXi's IPsec commands require the encryption/integrity keys be inputted in plaintext from the command line. This is not recommended security practice. The command line history is even logged to /var/log/shell.log. So how can I hide the keys? $…
SF.express
0 votes, 1 answer

Domain joined WAP in DMZ

To date, I've only ever used ADFS for claims aware applications. I'm now looking at using it for some non-claims aware applications. I've read that the WAP server must be domain joined for this so that it can perform Kerberos constrained…
Steve
0 votes, 3 answers

Do network acls block inter-subnet traffic as well?

I have VMs placed in different AZs on AWS. In order to be able to do this, you need a subnet in each AZ. If I'm creating a network acl for the entire setup (ie to be associated with all subnets) do I need to specify allow rules from all the subnet…
ndtreviv
0 votes, 0 answers

Send command to another machine in a secure credential way

I have a question to ask you: I am creating a script to use with certbot for the renewal of certificates via DNS, everything works correctly on the same machine where BIND is also running (this machine is experimental). Since the automation tests…
MrTaik
0 votes, 1 answer

Network Mapped Drives sensitive information leakage when changing LAN networks on Windows

Assuming the following or similar setup of network drives/locations on a Windows 7+ system originally connected to a TrustedLAN: TrustedLAN Gateway: 192.168.1.1 /24 TrustedLAN Windows System IP: 192.168.1.10 NAS's IP on TrustedLAN: 192.168.1.20…
0 votes, 2 answers

Security implications of directly connecting a Windows PC to ISP via Network Adapter with Ethernet cable bypassing the Router

When diagnosing Internet connection issues (slow speed for example), an ISP technician may ask a user to connect their ISP-provided Ethernet cable directly to a device (typically a Windows PC) to run speed tests in the browser or pings, etc. (to…
Fit Nerd
0 votes, 0 answers

GLOBAL lockout of ALL external incoming access attempts

I have stripped down my /etc/services file to bare minimum (according to my awareness of what is needed) for a Linux DESKTOP configuration accessing remote services and offering no services to remote clients. Notwithstanding that, knowing I might…
0 votes, 1 answer

Does GCP Cloud Armor support TCP load balancer? I am unable to add TCP load balancers as a Targets in Cloud Armor?

In the GCP cloud armor documentation, it is mentioned here, that it supports HTTP(S) and TCP load balancers to be configured. But I am unable to add TCP load balancer as a Target in Cloud Armor as it doesn't show the TCP load balancer in the target…
0 votes, 2 answers

netsystemsresearch.com on my internal network

It first started happening with the local network enabled printer. It printed out that netsystemsresearch.com was doing a search of all public networks. I stopped that by disabling outside connections from the printer. Yesterday I had an expressjs…
panosl
0 votes, 1 answer

AWS - VPC traffic being dropped - how to debug Network ACL and security group?

I have an AWS VPC with two subnets: Public and Private. I can access the internet (via a NAT Gateway) from the public subnet, but not from the private subnet, and I can't work out what's wrong. Both subnets have NACLs which allow all traffic in…
mdarwin
0 votes, 1 answer

NACLs and NAT Gateways for public and private subnets

I have a VPC with 3 subnets: Public (FE layer, inbound internet access only) Protected (app layer, outbound internet access only) Private (DB layer, no internet access at all) The public subnet NACL blocks all inbound from the internet on any…
0 votes, 1 answer

AWS: VPN between VPC and an external resource with IKEv2 and ESP

I need to set up a VPN tunnel between the VPC in AWS and an external server with content that I want to access securely. The idea is to use the Site-to-site VPN Connection with Virtual Private Gateway and a Customer Gateway. The tunnels are…