Hyper-V Concepts
It's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
One of the most important features in any network security monitoring and patch management application, such as GFI’s LanGuard, is the ability to automate tasks, e.g. automatic network scanning, email alerts etc. This allows IT Administrators, Network Engineers, IT Managers and other IT Department members to continue working on other important matters with the peace of mind that the security application is keeping things under control and will alert them instantly upon any changes detected within the network or in the vulnerability status of the monitored hosts.
GFI LanGuard’s email alerting feature can be easily accessed either from the main Dashboard where usually the Alerting Options notification warning appears at the bottom of the screen:
Figure 1. GFI LanGuard email alerting Option Notification
Or alternatively, by selecting Configuration from the main menu and then Alerting Options from the left side area below:
This article shows how any IT Administrator, network engineer or security auditor can quickly scan a network using GFI’s LanGuard and identify the different systems such as Windows, Linux, Android etc. More importantly, we’ll show how to uncover vulnerable, unpatched or high-risk Windows systems including Windows Server 2003, Windows Server 2008, Windows Server 2012 R2, Domain Controllers, Linux Servers such as RedHat Enterprise, CentOS, Ubuntu, Debian, openSUSE, Fedora, any type of Windows workstation (XP, Vista, 7, 8, 8.1, 10) and Apple OS X.
GFI’s LanGuard is a Swiss Army knife that combines a network security tool, vulnerability scanner and patch management system all in one package. Using the network scanning functionality, LanGuard will automatically scan the whole network and use the provided credentials to log into every located host and discover additional vulnerabilities.
To begin, we launch GFI LanGuard and at the startup screen, select the Scan Tab as shown below:
Figure 1. Launching GFI LanGuard 2015
Next, in the Scan Target section, select Custom target properties (box with dots) and click on Add new rule. This will bring us to the final window where we can add any IP address range or CIDR subnet:
ARP attacks and ARP flooding are common problems faced by small and large networks alike. ARP attacks target specific hosts by using their MAC address and responding on their behalf, while at the same time flooding the network with ARP requests. ARP attacks are frequently used for 'Man-in-the-middle' attacks, which pose serious security threats and can cause loss of confidential information, and should therefore be quickly identified and mitigated.
During ARP attacks, users usually experience slow communication on the network, especially when communicating with the host that is being targeted by the attack.
In this article, we will show you how to detect ARP attacks and ARP flooding using a network analyzer such as Colasoft Capsa.
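The two signals described above (one host answering on behalf of another's IP address, and a burst of ARP requests) can be checked over captured ARP records as follows. This is an added example, not Capsa's detection logic or code from the article; the record layout, addresses, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, op, sender_mac, sender_ip, target_ip).
# MACs and IPs are made up for illustration (documentation address ranges).
GATEWAY = ("00:00:5e:00:53:01", "192.0.2.1")
ROGUE_MAC = "00:00:5e:00:53:66"
RECORDS = [
    (0.0, "reply", GATEWAY[0], GATEWAY[1], "192.0.2.20"),
    (1.0, "request", "00:00:5e:00:53:20", "192.0.2.20", "192.0.2.1"),
    # Rogue host answers on behalf of the gateway's IP address.
    (2.0, "reply", ROGUE_MAC, GATEWAY[1], "192.0.2.20"),
    (2.5, "reply", ROGUE_MAC, GATEWAY[1], "192.0.2.20"),
]
# Rogue host also floods requests for many addresses within one second.
RECORDS += [(3.0 + i * 0.01, "request", ROGUE_MAC, "192.0.2.66", f"192.0.2.{i}")
            for i in range(100, 160)]


def find_ip_conflicts(records):
    """Return {ip: sorted MACs} for IPs claimed by more than one MAC in replies."""
    claims = defaultdict(set)
    for _, op, mac, sender_ip, _ in records:
        if op == "reply":
            claims[sender_ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def find_request_floods(records, window=1.0, threshold=50):
    """Return MACs that requested >= threshold distinct targets within `window` s."""
    by_mac = defaultdict(list)
    for ts, op, mac, _, target in records:
        if op == "request":
            by_mac[mac].append((ts, target))
    flagged = set()
    for mac, reqs in by_mac.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it spans at most `window` s.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            if len({t for _, t in reqs[start:end + 1]}) >= threshold:
                flagged.add(mac)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("IP conflicts:", find_ip_conflicts(RECORDS))
    print("Request floods:", find_request_floods(RECORDS))
```
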
Colasoft Capsa has one great advantage – the ability to identify and present suspicious ARP attacks without any additional processing, which makes identifying, mitigating and troubleshooting much easier.
The Diagnosis tab provides real-time information and is extremely handy in identifying potential threats, as shown in the screenshot below:
Figure 1. ARP Scan and ARP Storm detected by Capsa's Diagnosis section.
Under the Diagnosis tab, users can click on the Events area and select any suspicious events. When these events are selected, analysis of them (MAC address information in our case) will be displayed on the right as shown above.
In addition to the above analysis, Capsa also provides a dedicated ARP Attack tab, which is used to verify the offending hosts and type of attack as shown below:
Part one of our two-part series on Cross-site scripting (XSS) explains what XSS attacks are. We also take a close look at how XSS exploits work (URLs, cookies, web cache etc.) and analyze their impact on business websites and web servers, using real examples of popular sites that were hit using different XSS exploits. We also talk about the different types of XSS attacks, which are very difficult for website users to identify and detect. Part two will provide a Cross-site scripting attack example, talk about the different types of XSS vulnerabilities and explain how to identify XSS vulnerabilities in your web applications and web servers.
Cross-site scripting, which is more commonly known as XSS, focuses the attack against the user of the website more than the website itself. These attacks utilize the user's browser by having their client execute rogue frontend code that has not been validated or sanitized by the website. The attacker leverages the user to complete their attack, with the user often being the intended victim (such as by injecting code to infect their computer). The user loads a trusted website, the rogue script is injected somehow, and when the page is rendered by their browser that rogue script is executed. With more websites performing their actions as browser-rendered code instead of in Flash or with static pages, it is easy to see why XSS can be a significant threat.
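The missing validation and sanitization described above comes down to writing a request value into a page without encoding it for the place it lands. The following added example (not code from the article; the page fragments, function names and marker payload are constructed for illustration) shows an unencoded render next to one that encodes the same value for element content, an attribute value and an inline script.

```python
import html
import json

# Constructed test input: a harmless marker string, not taken from the article.
PAYLOAD = '"><script>alert(1)</script>'


def render_unsafe(query):
    """Vulnerable: the request value is placed in the page unmodified."""
    return f'<p>Results for {query}</p><input name="q" value="{query}">'


def js_string_literal(value):
    """Encode a value as a JavaScript string literal safe inside <script>."""
    literal = json.dumps(value)  # quotes, backslashes, control and non-ASCII chars
    # Stop the HTML parser from seeing "</script>" or "<!--" inside the literal.
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(ch, esc)
    return literal


def render_safe(query):
    """Hardened: encode the same value for each context it is written into."""
    text = html.escape(query, quote=False)   # element content
    attr = html.escape(query, quote=True)    # double-quoted attribute value
    return (f'<p>Results for {text}</p>'
            f'<input name="q" value="{attr}">'
            f'<script>var lastQuery = {js_string_literal(query)};</script>')


def contains_injected_tag(page):
    """True if the marker payload survived as live markup in the page."""
    return "<script>alert(1)</script>" in page


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_safe(PAYLOAD))
```
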
HTTP reconstruction is an advanced network security feature offered by nChronos version 4.3.0 and later. nChronos is a Network Forensic Analysis application that captures packets/data around the clock. With HTTP reconstruction, network security engineers and IT managers can uncover suspicious user web activity and check user web history to examine specific HTTP incidents or HTTP data transferred in/out of the corporate network.
Now let's take a look at how to use this new feature with Colasoft nChronos.
The HTTP reconstruction feature can be easily selected from the Link Analysis area. We first need to carefully select the time range to be examined, e.g. 9th of July between 13:41 and 13:49:15. Once the time range is selected, we can move to the bottom window and select the IP Address tab to choose the IP address of interest:
Figure 1. Selecting our Time-Range, and IP Address of interest from Link Analysis
nChronos further allows us to filter internal and external IP addresses, to help quickly identify the IP address of interest. We selected External IP and then address 188.8.131.52.
All that's required at this point is to right-click on the selected IP address and choose HTTP Packet Reconstruction from the pop-up menu. Once HTTP Packet Reconstruction is selected, a new tab will open and the reconstruction process will begin as shown below: