Network Address Translation (NAT) Overload - Part 2
In our previous article, Network Address Translation (NAT) Overload - Part 1, we explained what NAT Overload is and how it works. This page deals with the analysis of the packets that traverse a NAT Overload enabled device. We'll examine which fields of the packets are modified and how the NAT device, a router in our example, keeps track of them in its NAT Table.
In order to keep things simple, we're going to use a few simple examples and then deal with a few more complicated ones, this should help make the complex stuff much easier to understand and digest.
Time to grab something to drink or munch on, and prepare to download this information into your head!
Readers interested in learning how to configure NAT on a Cisco router can visit our Cisco Routers section
How NAT Translation Works
When covering Dynamic and Static NAT, we saw that it was either the Source or Destination IP Address that had to be modified by the NAT device. No matter which mode was used, the Source and Destination ports were never altered in any way.
NAT Overload on the other hand will use a single public IP Address for the routing process and change, in most cases, the Source or Destination port depending on whether it's an incoming or outgoing packet.
In the next diagram we have two computers that have each sent a packet out to the Internet and are expecting a reply. We take a look at how the router deals with these packets individually and where the information required to identify the expected replies is stored:
You've got to agree that that's a very simple setup. To make life easy, I haven't included any additional information about the generated packets because we'll deal with them individually.
So it's time to take a look at how the router deals with this first packet which belongs to Workstation 1:
The packet generated by Workstation 1 arrives at the router's private interface which has IP Address 192.168.0.1. The router accepts the packet and processes it. Once inside the router, the packet's Source IP Address, Destination IP Address, Source Port and Destination Port are examined and the router decides that this is a valid packet so it should be forwarded to the Internet.
NAT is now about to take place (check NAT Table in the above diagram). The router will replace the Source IP Address (192.168.0.5) with its Public IP Address (200.0.0.1) and keep the rest of the information intact.
Note that in most cases, the Source Port is not changed unless it has already been used by a previous packet from the private network but, since this is the first outgoing packet, this cannot be the case.
Here's how the packet looked once it exited the router's public interface:
Time to check our second packet that will traverse the router, which is generated by Workstation 2 (the router has not yet received the reply to Workstation 1's packet).
We're going to assume that Workstation 2 uses the same Source Port (2400) as Workstation 1's packet, so you can see how the router will react:
This packet is a very good example to show you how great NAT Overload is because the router will need to 'do' something to make sure it's able to successfully receive the reply.
Let's look at what happens within the router as the packet arrives at its private interface:
As you can see, our second packet arrives at the router's private interface. It enters the router and since the packet is valid (it's not corrupt and contains a valid Destination IP Address in its IP Header) it's routed to the public interface and NAT is performed while a new entry is added into the router's NAT Table.
Looking at the NAT entries, you will notice that both first and second packets have the same Source Port, which is 2400. Since the router already used port 2400 as a Source Port for the first packet's NAT Translation and hasn't yet received a reply, it cannot use it again for the second packet. If it did use it, when a reply for any of the two packets came back the router wouldn't be able to distinguish whose it was.
For this reason, the router assigns a new Source Port for the second packet (14500), ensuring that the reply will get to the internal host for which it is intended:
Usually most NAT Overload enabled devices will assign Source Ports in the range of 1025 to 65500.
Keep in mind that when one host sends a packet to another, the Source Port it used in the packet will be substituted for the Destination Port in the reply packet.
For example, Host A sends a packet to Host B and this packet has a Source Port of 200, then when Host B replies to Host A its packet will have a Destination Port of 200. This way, Host A knows this is a reply to the initial packet it sent.
This is why it's important for the router to keep close track of Source Ports on outgoing packets and Destination Ports in all incoming packets.
Summary
NAT Overload will work perfectly no matter which type of IP Address assignment you have. Whether it's Dynamic IP or Static, via dial up or a permanent connection, it makes no difference to the NAT device. You can now see how this particular NAT mode has helped preserve real (public) IP Addresses, because no matter how many internal hosts any private network has, it only requires one real IP Address in order to allow all internal hosts to access the Internet.
- Hits: 44700
Figure 6. LSA Type 5 packets advertise the default route to all OSPF routers
This is the thrid article of our 6-part OSPF series (see below) that describes how OSPF routers perform neighbor relationship and adjacency. We’ll examine how OSPF discovers neighbors by sending Hello packets through the router interfaces and how it shares Link State Advertisements (LSAs) to form adjacencies and build its topology table. We’ll also examine the contents of OSPF Hello packets (Router ID, Hello/Dead Intervals, Subnet Mask, Router Priority, Area ID, DB & BDR IP Address, Authentication information) and more.
This article covers basic OSPF concepts and operation. We explain how OSPF works, how OSPF tables are built on an OSPF-enabled router and their purpose (Neighbour Table, Topology Table, Routing Table), OSPF areas and their importance. Next we cover OSPF Link State Packet types used to exchange data between OSPF routers: Link State Advertisement (LSA), Link State Database (LSDB), Link State Request (LSR), Link State Update (LSU) and Link State Acknowledgment (LSAcK).
This article shows how to configure and setup SSH for remote management of Cisco IOS Routers. We’ll show you how to check if SSH is supported by your IOS version, how to enable it, generate an RSA key for your router and finally configure SSH as the preferred management protocol under the VTY interfaces.
Figure 1. Understanding Basic Embedded Packet Capture Terminology
Figure 2. Capturing packets betwen host 192.168.3.2 and Firewall.cx
Figure 3. Importing packets into a Network Analyzer
Figure 4. Packets displayed inside the network analyzer
Chances are we’ve all needed to upgrade our Cisco’s device IOS software at some point. While upgrading the IOS software on a Cisco device is considered to be a fairly simple process, it can turn out to be a very stressful and destructive process if something goes wrong, especially if the upgrade is being performed on a remote Cisco device. Uploading a corrupt IOS image or having it become corrupt during the upload process is a common problem Cisco engineers encounter.
Figure 1. The tftp source IP problem with tftp and other services on a Cisco Router
Configuring PPP Multilink is a pretty straightforward process, however, configuration steps can differ depending on the interfaces and protocols you are dealing with. 
The above diagram illustrates a typical MPLS VPN network where VRFs are unique for each VPN connected to a particular Provider Edge router
Typical Man-in-the-Middle attack. Client data streams flow through the attacker
This article explains the procedure that should be followed to correctly shutdown/powerdown a Cisco Nexus 7000 series module and remove it from the chassis. We also include important tips that will help ensure you avoid common problems and mistakes during the removal procedure.
Our previous article shows how to perform a 
This article shows how to reset a password on a Cisco Catalyst 3750-X (stacked or single unit) and Cisco Catalyst 3560-x switch without losing its startup configuration. The Cisco password recovery procedure involves interrupting the switch’s normal boot procedure, renaming the flash:config.text (that’s the startup-config file for switches) to something else e.g flash:config.text.old so that the configuration file is skipped during bootup.
In previous articles, we showed how it is possible to 
This article covers basic and advanced configuration of Cisco Catalyst Layer-3 switches such as the Cisco Catalyst 3560G, 3560E, 3560-X, 3750, 3750E, 3750-X, 3850, 4500, 6500 , 9300, 9400 series, and extends to include the configuration of additional features considered important to the secure and correct operation of these devices.
Due to Cisco’s new licensing model, purchasing a Layer 3 switch doesn’t really mean that essential features such as InterVLAN routing can be used.
There’s a new switch around the block and its name is Catalyst 3850 – Cisco’s latest addition to its successful Catalyst series switches. The Cisco Catalyst 3850 is no ordinary switch – it’s fully stackable and designed to integrate wired and wireless networks by offering full switch and the industry’s first built in wireless LAN controller.
Figure 1. The network diagram above helps us understand the terminology and implementation of SPAN.
The Cisco Catalyst Switching Portfolio is perhaps one of the most useful Cisco PDF files, containing all Catalyst series products. 
Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch. When a port is error disabled, it is effectively shut down and no traffic is sent or received on that port.
Many companies are seeking for Cisco SFP alternatives to help cut down the costs on these expensive modules.
This article focuses on VLAN Security and its implementation within the business network environment. We provide tips and Cisco CLI commands that will help you upgrade your VLAN network security.
This article explains how to configure a Cisco Firepower 2100 series device to operate in Appliance mode. We’ll show you how to switch from Platform mode to Appliance mode and how the device will automatically convert and retain your ASA configuration.
The Cisco ASA Firewall 5500-X series has evolved from the previous ASA 5500 Firewall series, designed to protect mission critical corporate networks and data centers from today’s advanced security threats.
Figure 3. The Cisco FireSIGHT Management Center Graphical Interface
Cisco’s Adaptive Security Appliance (ASA) Firewalls are one of the most popular and proven security solutions in the industry. Since the introduction of the PIX and ASA Firewall into the market, Cisco has been continuously expanding its firewall security features and intrusion detection/prevention capabilities to adapt to the evolving security threats while integrating with other mission-critical technologies to protect corporate networks and data centers.
Figure 2. The Cisco ASA Firewall AIP SSC-5, AIP SSM-20 and AIP SSM40 IPS hardware modules
In late 2014, Cisco announced the new licensing model for the latest AnyConnect Secure Mobility client v4.x. With this new version, Cisco introduced a number of new features, but also simplified the licensing model which was somewhat confusing. In this article, we will take a look at the new AnyConnect 4.x licenses which consist of: AnyConnect Plus license, AnyConnect Plus Perpetual license and AnyConnect Apex license.
The Cisco ASA 5500 series security appliances have been around for quite some time and are amongst the most popular hardware firewalls available in the market. Today Firewall.cx takes a look at how to easily setup a Cisco ASA5500 series firewall to perform basic functions, more than enough to provide secure & restricted access to the Internet, securely access and manage the ASA Firewall and more.
This article covers the deployment of the Cisco WLC 9800-CL cloud-based controller on the VMware ESXi platform. We explain the CPU, RAM and storage requirements, provide URLs to easily download and install the WLC controller using the OVA template, select the appropriate WLC 9800 deployment size (small, medium, large) and help you understand and configure the different WLC VM network interfaces.
This article explains how to convert a local or remote Autonomous / Standalone Cisco Aironet Access Point to Lightweight and register it to a 
Figure 1. Available Ports on a Cisco WLC 5500
Figure 2. Picture of Fiber & Ethernet Copper SFPs
Figure 3. Pictures of WLC2504 & WLC2124
Figure 1. A few of the larger Cisco WLC models and Catalyst 3850
Figure 2. Cisco WLC 8500 (left) and Cisco WLC 2500 (right) web interface
We would like to inform our readers that Firewall.cx has just made available as a free download all of 
Cisco Unified CallManager (CUCM) and its Voice Gateway relies on the telecommunication provider (telco) to send the correct call details for every incoming call, to allow the system to correctly process it and route it.
Figure 1 - CUCME to Cisco IP Phone SRTP and TLS
This article explains how to reset your Cisco 7940, 7941, 7942, 7960, 7961, 7962 & 7920 IP phone to factory defaults, and how to upgrade its firmware to the latest available version.
This article explains how to reset your Cisco 7945, 7965 and 7975 IP phone to factory defaults, and how to upgrade the firmware to the latest available version. We also provide necessary information on how to setup a DHCP server on a CME router or Cisco Catalyst switch, to support Cisco IP Phones and provide them with DHCP Option 150 so they know where to find and register with the CallManager or CallManager Express server.
Let’s now understand the threats that lurk around your UC solution and could possibly prove detrimental to the operations of a UC network.
Cisco is continuously developing its CallManager Express product, introducing new features and services to help keep up with its customers' and the market’s demands.
Cisco CallManager Express, also known as CME or CCME, runs on both Cisco ISR Routers and UC500 platform, including UC520, UC540 and UC560.
This article shows how to perform an ISSU (In-Service Software Upgrade) on a 
Whether you’re new to 
The output from NX-OS show commands can be lengthy and that makes it difficult to find the information we are looking for. The Cisco NX-OS software provides the means to search and filter the output to assist in locating the information we are after. 
Nexus switches offer powerful scripting capabilities since integrating Python into NX-OS and can simplify network operations through the ability to run Python scripts directly on the switch. Python is a powerful programming language with a simple approach to object-oriented programming. The Cisco Nexus 5000 series switches with Releases 5.2(1)N1(1) and later and the Cisco Nexus 6000 series switches with Releases 6.0(2)N1(1) and later, support all the features available in Python v2.7.2. The Cisco Nexus 7000 series also support Python v2.7.2 and the Cisco Nexus 9000 Series devices support Python v2.7.5. The python scripts can be used to execute configuration commands, show commands, parse CLI output, call other scripts etc. 
The Cisco NX-OS checkpoint feature provides the capability to capture at any time a snapshot (backup) of the Cisco Nexus configuration before making any changes. The captured configuration (checkpoint) can then be used to roll back and restore the original configuration.
This article introduces the Cisco Nexus product family (Nexus 9000, Nexus 7000, Nexus 5000, Nexus 3000, Nexus 2000, Nexus 1000V and MDS 9000). We explain the differences between Nexus and Catalyst switches but also compare commands, naming conventions, hardware capabilities etc. between Nexus NX-OS and Catalyst IOS operating systems. To provide a comprehensive overview we explain where each Nexus model is best positioned in the Data Center and directly compare high-end Nexus switches (Nexus 9000/7000) with high-end Catalyst switches (Catalyst 6800 / 6500) examining specifications, bandwidth – capacity, modules and features (High-Availability, Port Scalability, VDC, vPC – VSS, OTV, VXLAN, etc).
It’s a reality – Australia now has its own Official Cisco Data Center User Group (DCUG) and it’s growing fast! Originally inspired by Cisco Champions Chris Partsenidis and Derek Hennessy, the idea was fully backed by Cisco Systems as they happened to be looking to start up something similar on a global scale.
Without a doubt, Cisco certifications and specializations are among the most popular vendor certifications in the IT industry, and earning them doesn’t come easy. Anyone who’s achieved a Cisco certification would be well aware of the countless hours required to cover the necessary curriculum, practice labs, and prepare for their Cisco exam.
One of the most difficult things for people who are starting out in a networking career is getting their hands on the equipment. Whether you are studying for Cisco certification or just wanting to test certain network behaviors in a lab, no one would argue that practicing is the best way to learn.
This article shows to how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘This app can’t run on this PC’ installation error, plus fix the Reason 442: Failed to enable Virtual Adapter error message. The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511. We also include all required VPN files directly downloadable from Firewall.cx to save time and trouble from broken 3rd-party links.
a successful networking professional it is essential to gain information on-the-fly about the network infrastructure he or she is working on. For a successful and established vendor of networking equipment and technology it is important to satisfy this requirement. Being at the forefront of networking technology, Cisco carries the enviable distinction of not only setting industry standards and delivering a variety of networking equipment, but also presenting an efficient support infrastructure. One such service offering is its latest Cisco Technical Support Mobile App.
Unified communications is a very popular term these days and we see it appearing on almost every vendor as they rename their platforms and products to include this term. The definition of unified communications changes slightly depending on the vendor you are looking at, but its foundation remains the same. Breaking unified communications into components makes it a lot easier to analyze and put things into the correct perspective.
mGRE Tunnel Interface is used to allow a single GRE interface to support multiple IPSec tunnels and helps dramatically to simplify the complexity and size of the configuration.
Each GRE tunnel between the hub-spoke routers is configured with its unique network ID. For example, GRE tunnel between the HUB and Remote Office 1 could use network 10.0.0.0/30, while GRE tunnel between the HUB and Remote Office 2 could use 10.0.1.0/30 etc.
Unfortunately the good old 'remove and reinstall' method won't get you far in this case as the problem is not within the Cisco VPN client program, but Microsoft's Internet Connection Sharing (ICS) service.
Discover the ins and outs of using Palo Alto Networks’ Software NGFW (Flex) credits to seamlessly renew your cloud-based or virtualized software NGFW devices! Dive into this exciting guide where we unravel the mysteries of software NGFW credits, show you how they're allocated to your deployment profile, and walk you through the renewal and verification process.
This article’s purpose is to help you quickly master Palo Alto QoS concepts and learn to configure QoS on Palo Alto Firewalls in a simple and efficient way. QoS is considered a complicated topic however thanks to Palo Alto’s intuitive firewall GUI interface and our real-scenarios, you’ll quickly grasp all necessary QoS basics and be ready to implement your own QoS policies!
QoS Priority Queues - Packet classification and prioritization
This article provides comprehensive guidance on the manual processes involved in downloading, uploading, and installing (import) any PAN-OS version on a Palo Alto Firewall. It details the steps for searching and downloading the desired PAN-OS version, as well as the supported methods for uploading the software to your Palo Alto Firewall, including Web, TFTP, and SCP. Additionally, the article offers valuable tips aimed at facilitating a smooth and successful upgrade process.
This article will show you how to configure an IPSec VPN tunnel between a Palo Alto firewall (all PANOS versions) and Meraki MX security appliance. Our comprehensive guide includes IPSec VPN setup for static & dynamic IP endpoints, Full tunnel VPN configuration, Split tunnel VPN configuration, special considerations for Full & Split tunnel modes, IPSec Phase 1 - IKE gateway & crypto policies, IPSec Phase 2 – Tunnel encryption algorithms & authentication plus more.
Keeping your Palo Alto Firewall up to date with the latest PAN-OS software updates is an important step to ensure your organization is protected against the PAN-OS latest software vulnerabilities, software bugs but at the same time take advantage of Palo Alto’s latest security enhancements and capabilities.
This article explains how to register and activate your Palo Alto Firewall Appliance to obtain technical support, RMA hardware replacement, product updates, antivirus updates, wildfire, antispam updates, Threat Prevention, URL Filtering, Global Protect and more. The article covers all Palo Alto Firewalls including: PA-220, PA-820, PA-850, PA-3220, PA-3250, PA-3260, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080 and all VM Series.
During the past decade, we’ve seen the global IT security market flooded with new network security and firewall security appliances. New vendors emerging into the market while existing well-known vendors introduce new smarter and complex firewalls that aim to keep enterprise organizations as safe as possible. Palo Alto Networks is one of the new-generation security vendors who have managed to break into a saturated market and make their stand.
The digital transformation is pushing applications to the cloud, the 2020-2022 pandemic shifted employees to work from home, and the number of resulting new use cases is sending IT leaders scrambling for answers. The number of solutions IT departments have had to adopt to ensure their network's performance and security has continuously grown for over a decade.
Secure Access Service Edge (SASE) is an architecture widely regarded as the future of enterprise networking and security. In previous articles we talked about the 
Global connectivity is top of mind for many IT teams at organizations of all sizes. We are currently in the middle of a dramatic shift in business and technology practice, as users are becoming more mobile while applications are being transitioned to the cloud. This shift will only accelerate as companies will look to leverage the speed and agility of cloud services with the operational, cost and quality advantages of a geographically distributed work force. While Covid-19 has contributed to the acceleration of this shift, the change was always inevitable once technology was ready. Legacy connectivity and security products have long been a barrier to progress.
This article explores the need for Secure Access Service Edge (SASE) in today’s organizations. We show how one of the most advanced SASE platforms available, combines 
The Virtual Private Network (VPN) has become the go to security solution for keeping communications between networks and endpoints secure. After all, VPNs offer a straightforward, secure method for connecting sites (a 
Software Defined Wide Area Networking (SD-WAN) is changing the way that businesses connect to the cloud. With SD-WAN, organizations can move away from closed, proprietary hardware solutions, bringing flexibility and potential cost savings to their operations. 
Enterprises have been successfully running WAN optimization appliances at their many distributed sites for years. The devices have done a good job of helping businesses squeeze as much capacity as possible out of their WAN links and to improve performance across low-bandwidth, long-distance network circuits.
While historically most application requests were directed inward, toward corporate data centers, most are now outbound, toward cloud and Internet locations. As the software as a service (SaaS) computing model continues to gain steam, these trends will only get stronger.
With so much enterprise network traffic now destined for the cloud, backhauling traffic across an expensive MPLS connection to a data center to apply security policy no longer makes sense. Software-defined WANs (SD-WAN) promise lower transport costs with direct, higher-performing connections to cloud and Internet resources. But what are the security implications of moving traffic off of private MPLS VPNs and onto public broadband links?
A lot has changed in how people work during the past twenty years. Co-working spaces, mobility, and the cloud now are common. Businesses are spread out and branch offices are empowered.
By: Shlomo Kramer, Check Point Software & Cato Networks Co-Founder
The Wide Area Network (WAN) is the backbone of the business. It ties together the remote locations, headquarters and data centers into an integrated network. Yet, the role of the WAN has evolved in recent years. Beyond physical locations, we now need to provide optimized and secure access to Cloud-based resources for a global and mobile workforce. The existing WAN optimization and security solutions, designed for physical locations and point-to-point architectures, are stretched to support this transformation.
SD-WAN is the answer for enterprises and organizations seeking to consolidate network functions and services while at the same time simplify their WAN infrastructure and its management.
This article explores the Security Service Edge (SSE) portion of Secure Access Service Edge (SASE) and the need for holistic cybersecurity protections.
The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies.
SQL injection vulnerabilities have held the first spot on the 
With nearly every business sector relying on the internet and digital tools to function, it is no surprise that cybersecurity is the second-fastest growing industry. Hackers don’t care how large or small your company is. They will target all sizes in an all-out effort to steal data, access confidential or classified information, cause mayhem, and hurt the organization's reputation.
Organizations with unimpressive IT budgets may be tempted to minimize how much they spend on security-related tools, activities, and training due to the challenge to mathematically determine what the return on investment (ROI) will be. If one thing is certain, it’s that management will want to know the ROI and when cyber-attacks are in play, coming up with an accurate representation of how much a successful penetration could have cost is, well, not easy.
There are two primary approaches to web application security testing. Dynamic Application Security Testing (DAST), also called black box testing, imitates an attacker.
A gray box testing solution adds hooks around key calls (for example, database calls, system calls, etc.). Those hooks, often called sensors, communicate two ways with the IAST scanner. Hooks do not require access to the source code. The scanner works directly with the interpreter or the application server.
Security researchers disagree about the percentage of vulnerable websites, but most concur that it’s way too high. Despite their long history, attackers continue to use 
22nd May 2018: Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.
Acunetix DeepScan and the Acunetix Login Sequence Recorder have been updated to support ECMAScript version 6 (ES6) and ECMAScript version 7 (ES7). This allows Acunetix to better analyse JavaScript-rich sites which make use of the latest JavaScript features. The modularity of the new Acunetix architecture also makes it much easier now for the technology to stay ahead of the industry curve.
SQL Injection Attacks are one of the most popular attacks against web servers, websites and web applications. A fairly popular website can expect to receive anywhere between 80 and 250 SQL injection attacks on a daily basis and these figures can easily reach thousands when an SQL vulnerability is disclosed to the public.
A web application would typically communicate with a variety of back-end systems, including a database. Let’s take an HTML form, which inserts values into a database, as an example. 
Acunetix has refreshed its online web and network vulnerability scanner, Acunetix Online, with a massive update. The new Acunetix Online now incorporates all the features found in its on premise offering, Acunetix On Premise. With a brand new simpler than ever user interface, integrated vulnerability management and integration with popular Web Application Firewalls (WAFs) and Issue Tracking systems, this is by far the biggest Acunetix Online release since it’s introduction.
This article aims to help you understand how 
Figure 1. Illustration of how CSRF attacks work
According to Wikipedia, security is defined as the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset which in almost all cases, will include an organizations’ website, web service and IT infrastructure.
Figure 1. Generating ModSecurity Rules from a Web Application Vulnerability Scanner
This article examines the differences between logical and technical web application vulnerabilities which tends to be a very confusing topic especially for web application developers and security – penetration experts because it would make sense that a vulnerability by any other name is simply confusing something that should be simple.
Technical vulnerabilities is an area where automated scanners excel — it is a rule-based process. It is also time intensive, because of the vast number of attack vectors and potential vulnerabilities. For a human to complete this process, while possible, would be extremely expensive and likely full of both false-positives and false-negatives.
Logical vulnerabilities are much harder to detect primarily because they require a human to think about and assess a potential problem. While it’s true that some logical vulnerabilities can be programmed, it’s often cost-prohibitive to do so.
In this article, we’re going to talk about automating your web security in the safest and most effective way. We’ll also touch on a few Web Application Security automation tools worth considering using. Furthermore, we'll speak about why its important to select the right Web Application Scanning tool and how it can help meet your web development time frame, saving the company a lot of money and time.
You might be asking, “how can an automated web vulnerability scanner possibly replace a human?” You’d be correct in your assumption that an automated scanner is no replacement for human intuition or experience. However, you’d probably also agree that manually scanning for hundreds or thousands of 
Successful web application attacks and the data breaches that are resulting from these attacks, have now become everyday news, with large corporations being hit constantly.
One such example of implementing a defense in depth approach would be to restrict an administrator panel to be accessed only from a particular IP address. Even though there is enough protection, for most cases, by using credentials in the form of a username and password to log into the admin panel, the added layer of protection will come in handy. If the password is disclosed to an attacker, the protection will no longer be valid, therefore making the login setup irrelevant. By implementing another small but robust security feature, you will be moving towards making your defense infallible.
Part two of our Cross-site scripting (XSS) series shows how easy it is to create & execute a XSS attack, helping readers & network security engineers understand how XSS attacks work and how to identify web application vulnerabilities. 
This is also only one example of the various kinds of XSS attacks that can be executed. XSS attacks fall into three general categories as defined by OWASP: Stored, Persistent XSS, Reflected, and DOM-based XSS. Stored XSS attacks, as their name implies, are stored unsanitized in the website (such as in a database entry) and rendered on page-load (this is how the Samy worm operated). Reflected XSS attacks are usually more common, often a result of data within an unsanitized URI string that is rendered by the website’s frontend code (such as in the example above). The final type, DOM-based, exploits the Document Object Model environment similar to a reflected XSS attack, but by altering the page’s elements dynamically.
Part one of our two-part series on Cross-site scripting (XSS) explains what are XSS attacks. We also take a close look on how XSS exploits work (urls, cookies, web cache etc.) and analyze their impact on business websites – webservers, using real examples of popular sites that were hit using different XSS exploits. We also talk about the different type of XSS attacks that make website users very difficult to identify and detect them. Part-two will provide a Cross-site scripting attack example, talk about the different type of XSS vulnerabilities and explain how to identify XSS vulnerabilities in your web applications & web servers.
An XSS attack can actually be quite dangerous for users of a website, and not just because of the possible trust lost from its customers. When a user accesses a website, often much of its content is hidden behind some form of authentication – like how Facebook is practically useless unless you have an account. That authentication not only hides privileged information, but also provides access to the account itself (social media information, ability to make purchases, etc.). Some of the information required for that authentication is stored on the user's computer, namely in the form of cookies. If a user's cookies can be compromised via an injected XSS exploit, their account can be hijacked as well.
StrongVPN is one of the most popular 
Back then, the Internet was so very young. Those were the times of Windows Maze Screensaver, of the classy Minesweeper, of grey-white MS Paint, and of silvery floppy disks. Gone are those days. Now, after completing its silver jubilee, the Internet has grown to be almost a multiverse of information, every micro-second its network mushrooms like anything. But even maturity comes with its own struggle. This enhanced version of the Internet carries its own privacy concerns.
TOR or The Onion Router is a free, open source software that comes under the development and maintenance of The Tor Project, a non-profit organisation funded by the US Government. TOR enables users to preserve their anonymity over Internet communications.
The internet is in a strange place right now. It’s no longer the open, free place it used to be. Increasingly, users are being subject to website blocks, attacks, and surveillance. For true safety or anonymity, precautions must be taken. Thankfully, there many ways for you to protect yourself, one of them being Socket Secure (SOCKS) proxies.
Despite what some think, the internet is not private. Anonymous browsing and Internet Privacy are almost non-existent in today's online world. Websites collect personal information on every visit without your knowledge. Despite the free label, services come at a cost, and in many cases, it’s a lack of privacy.
VPN (Virtual Private Network) is a well-known acronym amongst regular internet users. Initially used within businesses to securely connect to the corporate network, nowadays it’s being used by almost any type of user for anonymous browsing, protecting their privacy and stopping ISPs and government agencies tracking their online activities and transactions who are looking to capture users performing illegal file sharing of movies, music albums, torrenting or even trying to access geo-restricted content such as Netflix, Hulu and other streaming services.
It’s hard to go to a pub, café, or hotel these days without running into public or guest WiFi. In many cases, an internet connection can feel like a necessity – keeping up with work or personal emails, arranging plans with friends, checking social media. Connecting is usually as easy as entering an email address, filling out a survey, or entering a code on a receipt.
Thankfully, wifi snooping is on the decrease thanks to SSL encryption. This web standard is spreading across all the most popular sites, and you’ll notice it by the HTTPS icon in your browser (as seen in the image on the left). It means that while someone can see the url you’re on, they can’t see your emails or the password you just typed in. Unfortunately, this won’t stop someone resourceful. In fact, SSL can be bypassed with a single method.
Hotels are one of the most vulnerable places for such attacks. They often have hundreds of people connected to the network at a time and hackers can stay in their rooms, undetected by anyone. Most hotels don’t have good security, and standardization means that many have the same, vulnerable hardware.
Encrypted communication has the add-on effect of avoiding bandwidth throttling from ISPs. As mentioned earlier, service providers inspect packets to classify different data. This lets them put a speed cap on specific mediums. This is usually done unofficially and some service providers will deny the practice despite significant data 
It was just a matter of time until the new global wave of government site blocking at the ISP level arrived in Australia. In mid-December 2016, the 
Despite innovations in security and technology, it’s difficult to remain anonymous online. Identifying information is seemingly everywhere – from malicious JavaScript tracking to the location services in web browsers. Even secure 
VPN Services have become a necessity for users concerned about their online privacy and security. With literally hundreds of thousands of attacks daily, exploits and security vulnerabilities being discovered plus government agencies and ISPs monitoring user activity, the internet is no longer considered a safe place.
Businesses of all sizes are more and more adopting cloud-based platforms like Microsoft 365 to streamline operations, improve collaboration, and increase productivity. However, this newfound reliance on such software solutions makes these businesses prime targets for cybercriminals.
One of the most critical security solutions within the Microsoft 365 ecosystem is Microsoft Defender for Office 365. This tool is specifically designed to protect against email-based threats such as phishing, malware, and ransomware, which are common attack vectors targeting businesses.
Data breaches and cyber threats cast a long shadow over both organizations and individuals alike, making the need for robust cyber security measures more pressing than ever. However, the most advanced technology in the world cannot fully protect against cyber risks if the people using it are not aware of the dangers and the best practices for avoiding them.
Cyber security awareness encapsulates the knowledge and behaviors that individuals within an organization adopt to protect its information assets. It's not merely about having the right technology in place; it's about ensuring every member of the organization understands the role they play in maintaining security. This understanding spans recognizing potential threats, such as 
This article serves as a comprehensive guide to fortifying the security posture of Microsoft 365, covering essential aspects ranging from foundational security principles to advanced strategies for optimizing productivity without compromising security. From introducing the fundamental 
This article provides a comprehensive guide to deploying Active Directory and DNS Services on Windows Server 2022, encompassing the Essential, Standard, and Datacenter editions. Our guide also includes step-by-step instructions for promoting the Windows server to a Domain Controller (DC). To enhance user experience, we've included plenty of helpful screenshots, ensuring a smooth and uncomplicated installation process.
A Windows Active Directory Certification Authority server (AD CA), also known as a Certificate Authority, is an essential service to every organization’s Active Directory as it can manage, issue, revoke and renew digital certificates used to verify the identity of users, computers and other network services.
If your organization is planning to migration from a Hyper-V virtualization environment to VMware then this FREE webinar is just for you.
One of Windows Server 2016 highlights is the newer Hyper-V server that not only extends the hypervisor’s features and capabilities but also introduces a number of new enhancements and concepts that take virtualization to a new level.
This article describes the new Windows Server 2016 Licensing model (per-core licensing) Microsoft has implemented for its new server-based operating system. While the 
The new Hyper-V virtualization features offered by Windows Server 2016 are planning to make major changes in the virtualization market. From Nested Hyper-V, revolutionary security, new management options to service availability, storage and more.
Figure 3. Creating a new NIC Team in Windows Server 2012
Figure 4. Configuring Teaming Mode, Load Balancing Mode and NIC Team members
Figure 5. Viewing NIC Teams, their status, speed, Teaming mode, Load balancing mode and more
Figure 6. The newly created NIC Team Adapter in Windows 2012 Server
People and companies usually adopt a backup strategy suited to the needs of their working environment. As such, there is no absolute right or wrong method of backing up data however in order to backup and restore data swiftly and easily a comprehensive strategy is necessary, even though most virtualized platforms such as Hyper-V and VMware offer built-in backup-like features such as snapshots or ability to copy a whole virtual machine to another location.
Users working with Hyper-V Virtualization would be interested to know that Altaro is hosting a free webinar on the 25th of February 2016 at 4pm CET / 10am EST. Microsoft Cloud and Datacenter Management MVPs Didier Van Hoye and Andy Syrewicze will be answering questions on how to fix a broken Hyper-V Host or Hyper-V Cluster and will also be sharing some tales from the trenches.
As more companies around the world adopt the virtualization technology to increase efficiency and productivity, Microsoft’s Hyper-V virtualization platform is continuously gaining ground in the global virtualization market, as is the need for IT departments to provide rock-solid backup solutions for their Hyper-V virtualized environment.
Figure 1. Installation Welcome Screen
Figure 2. Altaro Hyper-V Installation Complete
Figure 3. Connecting to the Hyper-V Agent Remotely
There are umpteen reasons why your Windows Server 2012 R2 decides to present you with a Blue Screen of Death (BSOD) or the stop screen. As virtual machines become more prominent in enterprise environments, the same problems that plagued physical servers earlier are now increasingly being observed for crashes of virtual machines as well.
Microsoft introduced Fine-Grained Password Policy for the first time in Windows Server 2008 and the policy has been part of every Windows Server since then. Fine-Grained Password Policy allows overcoming the limitations of only one password policy for a single domain. A brief example is that we apply different password and account lockout policies to different users in a domain with the help of Fine-Grained Password Policies.
IT professionals frequently need connectivity and management tools. The Telnet Client is one of the most basic tools for such activities. Using this tool, you can connect to a remote Telnet server and run applications on it. This is also a very useful tool for testing the connectivity to remote servers, such as those running SMTP services, web services and so on. In this article we will discuss how to install or enable Telnet client for 
Microsoft Licensing for Virtual environments can become a very complicated topic, especially with all the misconceptions and false information out there. Thankfully Altaro, the leader in 
Figure 1. DNS Installation via Active Directory Services Deployment
Figure 2. Selecting Role-based or feature-based installation
Figure 3. Selecting the Server that will host the DNS server role
Figure 4. Selecting the DNS Server Role for installation
Figure 5. DNS Information
Figure 6. Confirm Installation Selections
Figure 7. Installation Progress
Figure 8. DNS Manager & DNS Zones
Figure 9. DNS Forwarders – Add your ISP or Public DNS Servers here
Figure 10. Advanced Options - Scavenging
Figure 11. Root Hints
Figure 12. Monitoring Tab – Configuring Automated DNS Test Queries
Figure 13. Event Logging
Figure 14. Debug Logging – Capturing DNS Packets & Configuring DNS Debugging
Figure 15. Zone Properties
Figure 16. Start Of Authority Settings
Figure 17. DNS Name Servers
Figure 18. Zone Transfers
The Domain Name System (DNS) is perhaps one of the most important services for Active Directory. DNS provides name resolution services for Active Directory, resolving hostnames, URLs and Fully Qualified Domain Names (FQDN) into IP addresses. The DNS Service uses UDP port 53 and in some cases TCP port 53 - when UDP DNS requests fail consistently. (Double-Check for Windows)
Our previous article explained 
Figure 
Figure 1. GPO Objects
Figure 2. Group Policy Settings
Figure 3. GPO Scenario
Figure 4. Open GPMC
Figure 5. Select FW Users and Create a GPO
Figure 6. Creating our Wallpaper Group Policy Object
Figure 7. Editing a Group Policy Object
Figure 8. Selecting and editing Desktop Wallpaper policy
Figure 9. Configure Desktop Wallpaper
Figure 10. User Login
Figure 11. Computer Desktop Wallpaper Changed
Hyper-V has proven to be a very cost effective solution for server consolidation. Evidence of this is also the fact that companies are beginning to move from VMware to the Hyper-V virtualization platform. This article will cover the Windows 2012 Hyper-V best practices, and aims to help you run your Hyper-V virtualization environment as optimum as possible.
Using Hyper-V Server virtualization technology, you can virtualize your physical environment to reduce the cost of physical hardware. As part of IT best practices, you implement monitoring solutions to monitor the Hyper-V Servers and virtual machines running on them. You also take necessary actions to provide security to production environment by means of installing antivirus software. Then it also becomes necessary that you implement a backup mechanism to restore the business services as quickly as possible using a Hyper-V Server Backup tool.
Add Role and Features
Traditional Server Deployment
Hyper-V Server Consolidation
Hyper-V Networking
Figure 2. Windows Server 2012 PowerShell
Figure 4. Windows Server 2012 - Storage Space
On the 1st of August, 2012 Microsoft released Windows Server 2012– the sixth release of the Windows Server product family. On May 21st 2013, Windows Server 2012 R2 was introduced and is now the latest version of Windows Server in the market. Microsoft has released four different editions of Windows Server 2012 varying in cost, licensing and features. These four editions of Windows Server 2012 R2 are: Windows 2012 Foundation edition, Windows 2012 Essentials edition, Windows 2012 Standard edition and Windows 2012 Datacenter edition.
The Show Desktop feature, included with almost all versions of Windows up to Windows 7, allows a user to minimize or restore all open programs and easily view the desktop. To use this feature, a user must simply click Show Desktop on the Quicklaunch toolbar to the right of the taskbar.
Windows 8 and Windows 8.1 (including Professional edition) operating systems provide the ability to turn your workstation or laptop into a secure wireless access point, allowing wireless clients (including mobile devices) to connect to the local network or Internet. This feature can save you time, money and frustration when there is need to connect wireless devices to the network or Internet but there is no access point available.
Figure 5. Network Connections – Ethernet Adapter Properties
Figure 6. Enabling sharing and selecting the newly created virtual adapter
Backing up your Windows License Product Key is essential for reinstallation of your Windows 8 or Windows 8.1 operating system. In some cases, the Genuine Microsoft Label or Certificate Of Authenticity (COA) containing the product key, is placed in an area not easily accessible by users e.g inside the battery compartment in newer ultrabooks/laptops, making it difficult to note the product key.
Figure 2. Running the script reveals our Product Key
Figure 3. Saving your Windows information to a text file
Thanks to the absence of dedicated serial ports on today’s laptops and ultrabooks, USB-to-Serial adapters are very popular amongst Cisco engineers as they are used to perform the initial configuration of a variety of Cisco equipment such as routers, catalyst switches, wireless controllers (WLC), access points and more, via their Console Port. The most common USB-to-Serial adapters in the market are based on Profilic’s PL2303 chipset.
Figure 1. Prolific Adapter in Device Manager
Figure 2. Prolific Adapter Error Code 10
Figure 3. Updating the Drivers from Device Manager
Figure 4. Select Browse my computer for driver software
Figure 5. Select Let me pick from a list of device drivers on my computer
Figure 6. Install Driver version 3.3.2.102
Figure 7. Driver successfully installed
Figure 8. Fully operational USB-to-Serial adapter
Figure 1. Creating a New Folder
Figure 2. Create a new folder & rename it to reveal GodMode
Figure 3. The GodMode Screen
Figure 1. Hosts & lmhosts.sam files in File Explorer
Figure 1. Running CMD as Administrator
Figure 2. The Administrative Command Prompt Windows 7
Figure 3. Finding Our Network Adapter ID
Figure 4. Verifying Our New Network Settings
Figure 5. Wireless Icon with no Exclamation Mark
Windows 8 & 8.1 hides two types of files so that normally, you do not see them while exploring your computer. The first type is the files or folders with their 'H' attribute set to make them hidden. The other type is Windows System files. The reason behind hiding these files is that users could inadvertently tamper with them or even delete those causing the operations of Windows 8/8.1 to fail. This article explains how you can configure Windows 8 or 8.1 to show all hidden files and folders, plus show Windows system files.
Figure 1. Icons in the Windows Panel
Figure 2. File Explorer showing hidden folders and files
Figure 3. Windows Charms
Figure 4. Control Panel
Figure 5. Control Panel - Folder Options
Figure 6. Folder Options Screen
This article shows you how to see hiddeen files and folders in Windows 7. Windows 7 hides important system files so that normally, you do not see them while exploring your computer.
Figure 1. Icons in the Windows Panel
Figure 2. Organize Menu
Figure 3. Show hidden files, folders and drives & Hide extensions for known file types
Figure 4. Start Menu
Figure 5. Appearance and Personalization screen
Figure 7. C: Drive showing hidden folders
Figure 1. Windows 8/8.1 in Safe Mode
Figure 2. Windows Key +X
Figure 3. Power User Tasks Menu
Figure 4. Administrative Command Prompt - Enable F8 Boot Function
Figure 5. Administrative Command Prompt - Disable F8 Boot Function
Figure 1. Search Settings
Figure 2. Advanced Settings Search Result
Figure 3. PC Settings
Figure 4. Choose Options
Figure 5. Troubleshoot Menu
Figure 6. Advanced Options Menu
Figure 7. Startup Settings Screen
Figure 8. Startup Settings Boot Menu
Figure 1. FW-CL1 IPconfig
Figure 2. System Settings
Figure 3. System Properties
Figure 4. Adding PC to Domain
Figure 5. Enter Domain Credentials
Figure 6. Member of Domain
Not many people are aware that Windows 7 has built-in capabilities that allow it to be transformed into a perfectly working access point so that wireless clients such as laptops, smartphones and others can connect to the local network or obtain Internet access. Turning a Windows 7 system into an access point is an extremely useful feature, especially when there is the need to connect other wireless devices to the Internet with no access point available.
Security researchers at qualys.com yesterday released information on a critical 15 year-old Linux security hole which affects millions of Linux systems dated back to the year 2000. The newly published security hole – code named ‘Ghost’ was revealed yesterday by Qualy’s security group on openwall.com.
In this article, we’ll show you how to setup or install Microsoft Windows 11 on VMware’s ESXi servers and bypass the Trusted Platform Module version 2.0 (TPM 2.0) requirement. We've also made the 
Windows 11 Installation Error in VMware ESXi
Businesses that rely on virtual machines for their day-to-day operations should think twice about securing their infrastructure. Modern use of virtual machines stems from the benefits of virtualization, which include accessibility, reduced operating costs, and flexibility, among others. But your virtual infrastructure becomes obsolete without proper security. One way to achieve that is through virtual machine backup and recovery solutions.
In this article we will cover the differences between VMware ESXi, vSphere and vCenter while also explain the features supported by each vSphere edition: vSphere Standard, Enterprise plus and Plantium edition. We will touch on the differences and limitations between VMware Workstation Player and VMware Workstation Pro, and also compare them with EXSi Free and EXSi Paid editions.
You will notice that this vSphere feature table contains many different technologies which are found in different VMware software components.
VMware Workstation Player and Pro both get installed onto your Windows PC or Laptop, on which you can run your virtual machines. Pro is interesting because you can run as many Virtual Machines as your Windows PC or Laptop hardware can handle making it a great bit of software for running live product demonstrations or testing without needing access to remote infrastructure managed by another team. The key element here is to ensure your laptop or PC has enough resources available (CPU/Cores, RAM and HDD space) for the Virtual Machines that will be running on it.
SysAdmin Day
When considering your 
Backup and Disaster recovery are core considerations for any business with an IT footprint, whether that is on-premises or in the cloud.
In the rapidly evolving landscape of IT operations, organizations are increasingly turning to Artificial Intelligence for IT Operations (AIOps) to streamline their processes, enhance efficiency, and overcome the challenges of managing complex and dynamic IT environments.
Event noise filtering with the help of AIOps (
Effective monitoring and management of 
As technology evolves, so do our networks. Today's sprawling network infrastructures are intricate ecosystems, demanding more from IT teams than ever before. Configuration management, compliance enforcement, and firmware & software updates are just a few of the growing requirements that strain manual processes.
In the rapidly evolving landscape of cyber threats, network security has never been more crucial. With the frequency and sophistication of cyberattacks escalating, organizations are under constant pressure to safeguard their networks. According to Sophos' 
Network alerts are vital for maintaining your network's health, efficiency, and security, ensuring seamless daily operations. They act as an 
Demands for Enterprise networks to properly support mobile users is on a continuous rise making it more than ever necessary for IT departments to provide high-quality services to its users. This article covers 4 key-areas affecting mobile users and Enterprise networks: Wi-Fi coverage (signal strength – signal-to-noise ratio), Bandwidth Monitoring (Wi-Fi Links, Network Backbone, routers, congestion), Shadow IT (Usage of unauthorized apps) and security breaches.
In today’s evolving threat landscape, firewall audits are more than just a best practice—they're a critical line of defense. Regular audits ensure your firewall configurations are aligned with organizational security policies, eliminate inefficiencies, and reduce exposure to cyber risks. Just as importantly, they help organizations maintain compliance with regulatory standards such as PCI DSS, HIPAA, SOX, and GDPR, avoiding costly penalties and reputational damage. Beyond compliance, effective firewall audits offer operational clarity and control, giving IT and security teams complete visibility into traffic flows and rule configurations.
A well-maintained and optimized firewall rule base is not just a best practice—it’s a necessity for maintaining a secure, high-performing, and compliant network.
In today's interconnected digital landscape, where businesses rely heavily on networked systems and the internet for their operations, the importance of cybersecurity cannot be overstated. Among the essential tools in a cybersecurity arsenal, firewalls stand as a frontline defense against cyber threats and malicious actors.
The utilization of log analyzers, such as 
In the wake of 
This is the process of managing and organizing your firewall rules. These firewall rules and policies dictate the traffic that is entering and exiting your network, and can also be used to block illegitimate traffic.
This article explores the exciting new features of Windows Server 2022 and emphasizes the critical role of analyzing Windows Server logs. You'll also discover how EventLog Analyzer provides comprehensive, helps you achieve 360-degree protection against threats targeting these logs, ensuring robust security for your server environment.
Windows Servers
An event log monitoring system, often referred to as an event log management, is a critical component to IT security & Management, that helps organizations strengthen their cybersecurity posture. It’s a sophisticated software solution designed to capture, analyze, and interpret a vast array of event logs generated by various components within an organization's IT infrastructure such as firewalls (
This article will help you understand TCP SYN Flood Attacks, show how to perform a SYN Flood Attack (DoS attack) using Kali Linux & hping3 and correctly identify one using the Wireshark protocol analyser. We’ve included all necessary screenshots and easy to follow instructions that will ensure an enjoyable learning experience for both beginners and advanced IT professionals.
This article explains how to detect a SYN Flood Attack using an advanced protocol analyser like Colasoft Capsa. We’ll show you how to identify and inspect abnormal traffic spikes, drill into captured packets and identify evidence of flood attacks. Furthermore we’ll configure Colasoft Capsa to automatically detect SYN Flood Attacks and send automated alert notifications .
Brute-force attacks are commonly known attack methods by which hackers try to get access to restricted accounts and data using an exhaustive list/database of usernames and passwords. Brute-force attacks can be used, in theory, against almost any encrypted data.
Colasoft Unified Performance Management (UPM) is a business-oriented network performance management system, which analyzes network performance, quality, fault, and security issues based on business. By providing visual analysis of business performances, Colasoft UPM helps users promote business-oriented proactive network operational capability, ensure the stable running of businesses, and enhance troubleshooting efficiency.
Peer-to-Peer file sharing traffic has become a very large problem for many organizations as users engage in illegal (most times) file sharing processes that not only consumes valuable bandwidth, but also places the organization in danger as high-risk connections are made from the Internet to the internal network and malware, pirated or copyrighted material or pornography is downloaded into the organization’s systems. The fact is that torrent traffic is responsible for over 29% of US Internet's traffic in North America, indicating how big the problem is.
Troubleshooting network problems can be a very difficult and challenging task. While most IT engineers use a network analyzer to help solve network problems, when analyzing hundreds or thousands of packets, it can become very hard to locate and further research conversations between hosts. Colasoft’s Capsa v8 now introduces a new feature that allows us to highlight-colorize relevant IP conversations in the network based on their MAC address, IP Addresses, TCP or UDP conversations.
Figure 1. Selecting our Time-Range, and IP Address of interest from Link Analysis
Figure 2. nChronos HTTP Reconstruction feature in progress.
Figure 3. The HTTP Reconstruction process completed
Troubleshooting network problems can be a very intensive and challenging process. Intermittent network problems are even more difficult to troubleshoot as the problem occurs at random times with a random duration, making it very hard to capture the necessary information, perform troubleshooting, identify and resolve the network problem.
When working with medium to large scale networks, IT departments are often faced dealing with network loops and 
The developers of the popular software PBX, 3CX, have announced another major update to their unified communications solution! The latest release, 3CX v15.5, makes the phone system faster, more secure and more reliable with a number of improvements and brand new features. 
Web-Client provides leading features packed in an easy-to-use GUI
IP PBX Web Client with integrated Web Conferencing Free of Charge!
Click-to-Call Feature from any Web page or CRM
Crazy as it might sound there is one Unified Communications provider who is giving out free fully functional cloud-based PBX systems without obligation from its users/customers.
Thanks to its support for any SIP-based IP phone and mobile device (iPhone, Android, iPad, Tablet etc.) the 3CX IP PBX has quickly become the No.1 preferred solution.
3CX
VoIP/ IP PBXs and Unified Communication systems have become extremely popular the past decade and are the No.1 preference when upgrading an existing or installing a new phone system. IP PBXs are based on the IP protocol allowing them to use the existing network infrastructure and deliver enhanced communication services that help organizations collaborate and communicate from anywhere in the world with minimum or no costs.
Recent and continuous website security breaches on large organizations, federal government agencies, banks and thousands of companies world-wide, has once again verified the importance of website and web application security to prevent hackers from gaining access to sensitive data while keeping corporate websites as safe as possible. Though many encounter a lot of problems when it comes to web application security; it is a pretty heavy filed to dig into.
Without web hosting services most websites would not exist. The most popular methods to host web applications are:regular hosting, where your web application is hosted on a dedicated server that is intended for your website only, and shared hosting, where you share a web server with other users who will in turn run their own web application on the same server.
Most successful attacks against web applications are due to insecure code and not the underlying platform itself. Case in point, 
When using software that has been developed by a third party, the best way to ensure that the code is secure would be to apply the latest updates. A simple web application will make use of numerous components that can lead to successful attacks if left unpatched. For example, both PHP and MySQL were vulnerable to exploits at a point in time but were later patched, and a default Linux webserver installation will include multiple services all of which need to be updated regularly to avoid vulnerable builds of software being exploited.
While updating software will ensure that no known vulnerabilities are present on your system, there may still be entry points where an attacker can access your system that have been missed in our previous tips. This is where firewalls come into play. A firewall is necessary as it will limit traffic depending on your configuration and can also be found on most operating systems by default.
No amount of code reviews and updates can ensure that the end product is not vulnerable and cannot be exploited. Code reviews are limited since the executed code is not being analysed, which is why web vulnerability scanning is essential. Web scanners will view the web application as a black box, where they will be analysing the finished product, which is not possible with white box scanning or code reviews. Meanwhile, some scanners will also provide you with the option to perform grey box scanning, by combining website scans and a backend agent that can analyse code.
It is imperative to know if your web application has been subjected to an attack. Monitoring the web application, and the server hosting it, would be the best way to ensure that even if an attacker gets past your defence systems, at least you will know how, when and from where it happened. There may be cases when a website is brought offline due to an attack and the owner would not even know about the incident but will find out after precious time has passed.
Monitoring, Auditing and obtaining Security Alerts for websites and blogs based on popular CMS systems such as WordPress, has become a necessity. Bugs, security exploits and security holes are being continuously discovered for every WordPress version making monitoring and auditing a high security priority. In addition, multi-user environments are often used for large WordPress websites, making it equally important to monitor WordPress user activity.
SQL Injections have been keeping security experts busy for over a decade now as they continue to be one of the most common type of attacks against webservers, websites and web application servers. In this article, we explain what a SQL injection is, show you SQL injection examples and analyse how these type of attacks manage to exploit web applications and webservers, providing hackers access to sensitive data.
A few weeks back Security Weekly interviewed Ferruh Mavituna, Netsparker’s CEO and Product Architect. Security Weekly is a popular podcast that provides free content within the subject matter of IT security news, vulnerabilities, hacking, and research and frequently interviews industry leaders such as John Mcafee, Jack Daniel and Bruce Schneier.
8th of May 2015, Netsparker annouced yesterday the discovery of critical security vulnerability contained an HTML file found on many WordPress themes, including WordPress.org hosted websites. As reported by Netsparker the specific HTML file is vulnerable to cross-site scripting attacks and session hijack. WordPress.org has already issued an official annoucement and patch (v4.2.2) and recommends WordPress administrators update their website files and themes.
In the world of information security there exist many tools, from small open source products to full appliances to secure a system, a network, or an entire corporate infrastructure. Of course, everyone is familiar with the concept of a firewall – even movies like Swordfish and TV shows like NCIS have so very perfectly described, in riveting detail, what a firewall is. But there are other, perhaps less sexy utilities in a security paradigm.
Many websites and web applications are like a human fingerprints, with no two being alike. Of course, many websites may use a common backend engine – Wordpress, an MVC framework like Laravel or Ruby on Rails, etc. – but the layers on top of those engines, such as plugins or custom coded additions, are often a quite unique collection. 
Have you ever tried to make a list of all the attack surfaces you need to secure on your networks and web farms? Try to do it and there will be one thing that will stand out; keeping websites and web applications secure. We have firewalls, IDS and IPS systems that inspect every packet that reaches our servers and are able to drop it should it be flagged as malicious, but what about web applications?
Many automated security tools exist not to test and find security holes, but to exploit them when found. Black-hat hackers intent on disrupting your web application possess automated suites as well, because they too, know a manual approach is a waste of time (that is, until they find a useful exploit, and by then it’s sometimes too late).
Netsparker use open source web applications such as Twiki for a total different purpose than what they were intended for. They used them to test their own web application security scanners.
Long gone are the days where a simple port scan on a company’s webserver or website was considered enough to identify security issues and exploits that needed to be patched. With all the recent attacks on websites and webservers which caused millions of dollars in damage, we thought it would be a great idea to analyze the implications vulnerable webservers and websites have for companies, while providing useful information to help IT Departments, security engineers and application developers proactively avoid unwanted situations.
In late February – early March 2014, the eBay database that held customer names, encrypted passwords, email addresses, physical addresses, phone numbers, dates of birth and other personal information, was compromised, exposing sensitive information to hackers. [Source: bgr.com website]
In June 2014, JPMorgan Chase bank was hit badly and had sensitive personal and financial data exposed for over 80 million accounts. The hackers appeared to obtain a list of the applications and programs that run on the company’s computers and then crosschecked them with known vulnerabilities for each program and web application in order to find an entry point back into the bank’s systems.
In February 2014, the Forbes.com website was succumbed to an attack that leaked over 1 million user accounts that contained email addresses, passwords and more. The Forbes.com Wordpress-based backend site was defaced with a number of news posts. [Source: cnet.com website]
In January 2014, Snapchat’s popular website had over 4.6 million usernames and phone numbers exposed due to a brute force enumeration attack against their Snapchat API. The information was publicly posted on several other sites, creating a major security concern for Snapchat and its users.
In 2013 a massive underground attack was uncovered, revealing that over 160 million credit and debit cards were stolen during the past seven years. Five Russians and Ukrainians used advanced hacking techniques to steal the information during these years. Attackers targeted over 800,000 bank accounts and penetrated servers used by the Nasdaq stock exchange.
In 2010, a major security breach on AT&T’s website compromised over 114,000 customer accounts, revealing names, email addresses and other information. AT&T acknowledged the attack on its webservers and commented that the risk was limited to the subscriber’s email address. 
In 2013, during the period 27th of November and 15th of December more than 98 million credit and debit card accounts were stolen from 1,787 Target stores across the United States. Hackers managed to install malware on Target’s computer systems to capture customers cards and then installed an exfiltration malware to move stolen credit card numbers to staging points around the United States in order to cover their tracks. The information was then moved to the hackers computers located in Russia.
This article expands on our popular 
In June 2014, Evernote and Feedly, working largely in tandem, went down with a DDoS attack within two days of each other. Evernote recovered the same day, but Feedly had to suffer more. Although there were two more DDoS attacks on Feedly that caused it to lose business for another two days, normalcy was finally restored. According to the CEO of Feedly, they refused to give in to the demands of ransom in exchange for ending the attack and were successful in neutralizing the threat.
Domino's Pizza had over 600,000 Belgian and French customer records stolen by the hacking group Rex Mundi. The attackers demanded $40,000 from the fast food chain in exchange for not publishing the data online. It is not clear whether Domino's complied with the ransom demands. However, they reassured their customers that although the attackers did have their names, addresses and phone numbers, they however, were unsuccessful in stealing their financial and banking information. The Twitter account of the hacking group was suspended, and they never released the information.
Companies and users around the world are struggling to keep their network environments safe from malicious attacks and hijacking attempts by leveraging services provided by high-end firewalls, Intrusion Detection Systems (IDS), antivirus software and other means. While these appliances can mitigate attacks and hacking attempts, we often see the whole security infrastructure failing because of attacks initiated from the inside, effectively by-passing all protection offered by these systems.
Cybercriminals are now focusing their attention on small and mid-sized businesses because they are typically easier targets than large, multinational corporations.
This is the age of networks. Long ago, they said, ‘the mainframe is the computer’. Then it changed to ‘the PC is the computer’. That was followed by ‘the network is the computer’. Our world has been shrunk, enlightened and speeded up by this globe encapsulating mesh of interconnectivity. Isolation is a thing of the past. Now my phone brings up my entire music collection residing on my home computer. My car navigates around the city, avoiding traffic in real time. We have started living in intelligent homes where we can control objects within it remotely.
secure documents were stolen. This resulted in an internal cyber man-hunt. The bait was laid and all further intrusions were monitored. A team of 50 Federal Agents finally tracked down 2 hackers who were using US based social networking systems to hack into the Airforce Base. But it was later revealed that the scope of intrusion was not just limited to the base itself: they had infiltrated a much bigger military organisation. The perpetrators were hackers with the aliases of ‘datastreamcowboy’ and ‘kuji’.
2005: Miami, Florida. A Miami hacker made history in cyber theft. Alberto Gonzales would drive around Miami streets looking for unsecured wireless networks. He hooked onto the unsecure wireless network of a retailer, used it to reach the retailer’s headquarters and stole credit card numbers from its databases. He then sold these card details to Eastern European cyber criminals. In the first year, he stole 11.2 million card details. By the end of the second year he had stolen about 90 million card details.
The “Cisco Firepower and Advanced Malware Protection Live Lessons” video series by Omar Santos is the icing on the cake for someone who wants to start their journey of Cisco Next-Generation Network Security. This video series contains eight lessons on the following topics:
Kevin Wallace is a well-known name in the Cisco industry. Most Cisco engineers and Cisco certification candidates know Kevin from his 
Vivek Tiwari holds a Bachelor’s degree in Physics, MBA and many certifications from multiple vendors including Cisco’s CCIE. With a double CCIE on R&S and SP track under his belt he mentors and coaches other engineers. 
Akhil Behl is a Senior Network Consultant with Cisco Advanced Services, focusing on Cisco Collaboration and Security architectures. He leads Collaboration and Security projects worldwide for Cisco Services and the Collaborative Professional Services (CPS) portfolio for the commercial segment. Prior to his current role, he spent 10 years working in various roles at Linksys, Cisco TAC, and Cisco AS. He holds CCIE (Voice and Security), PMP, ITIL, VMware VCP, and MCP certifications.
GFI has once again managed to make a difference: They recently published a free eBook named "Cloud-based network monitoring: The new paradigm" as part of their GFI Cloud offerings.
The screenshot above gives you an idea of what the Server Administration page looks like, which is the first page that would open up once the user has logged in. This is the System Information page. On the left pane you will find several other pages to look at i.e. Basic Settings which displays default port info and HDD info of the host machine, User Account (name says it all), and Audit Log (which will basically show the audit trail of user activity.) 
The Internet connection is vital for many Small to Medium or Large-sized enterprises, but it can also be one of the biggest headaches. How can you know who is doing what? How can you enforce a usage policy? And how can you protect your organisation against internet-borne threats? Larger companies tend to have sophisticated firewalls and border protection devices, but how do you protect yourself when your budget won’t run to such hardware? This is precisely the niche GFI has addressed with GFI WebMonitor.
Many of the displays are clickable allowing you to easily drill down into the data, and if you hover the mouse you’ll get handy pop-up explanations. We were able to go from the overview to the detailed activities of an individual user with just a few clicks. A user here is a single source IP, in other words a particular PC rather that the person using it. Ideally we would have liked the product to query the Active Directory domain controller and nail down the actual logged-on user but to be honest given the reasonable price and the product’s undoubted usefulness we’re not going to quibble.
GFI Software has just revealed GFI OneConnect Beta – its latest Advanced Email Security Protection product. GFI OneConnect is a comprehensive solution that targets the safe and continuous delivery of business emails to organizations around the world.
Ensuring users follow company policies when accessing the internet has become a real challenge for businesses and IT staff. The legal implications for businesses not taking measures to enforce acceptable user policies (where possible) can become very complicated and businesses can, in fact, be held liable for damages caused by their users or guests.
For every business, established or emerging, the Internet is an essential tool which has proved to be indispensable. The usefulness of the internet can be counteracted by abuse of it, by a business’s employees or guests. Activities such as downloading or sharing illegal content, visiting high risk websites and accessing malicious content are serious security risks for any business.
In this era of constantly pushing for more productivity and greater efficiency, it is essential that every resource devoted to web access within a business is utilised for business benefit. Unless the company concerned is in the business of gaming or social media, etc. it is unwise to use resources like internet/web access, and the infrastructure supporting it, for a purpose other than business. Like they say, “Nothing personal, just business”
In our previous article we analysed the risks and implications involved for businesses when there are no security or restriction policies and systems in place to stop users distributing illegal content (torrents). We also spoke about unauthorized access to company systems, sharing sensitive company information and more. This article talks about how specialized systems such as WebMonitor are capable of helping businesses stop torrent applications accessing the internet, control the websites users access, block remote control software (Teamviewer, Remote Desktop, Ammy Admin etc) and put a stop to users wasting bandwidth, time and company money while at work.
Senior IT Managers, engineers and administrators surely remember the days where controlling TCP/UDP ports at the Firewall level was enough to block or provide applications access to the internet. For some years now, this is no longer a valid way of application control, as most ‘unwanted’ applications can smartly use common ports such as HTTP (80) or HTTPS (443) to circumvent security policies, passing inspection and freely accessing the internet.
Apart from the imminent security risk, users who have uncontrollable access are also wasting bandwidth – that’s bandwidth the organization is paying for - and are likely to slow down the internet for the rest who are legitimately trying to get work done. In cases where VPNs are running over the same lines then VPN users, remote branches and mobile users are most likely to experience slow connection speeds when accessing the organization’s resources over the internet.
One of the largest problems faced by organizations of any size is effectively controlling user internet access (from laptops, mobile devices, workstations etc), minimizing the security threats for the organization (ransomware – data loss prevention), user copyright infringement (torrent downloading/sharing movies, games, music etc) and discover where valuable WAN-Internet bandwidth is being wasted.
Most Businesses are completely unaware of how serious these matters are and the risks they are taking while dealing with other ‘more important’ matters.
While illegal downloading is one major threat for businesses, stopping users sharing company data and sensitive information (aka Data Loss Prevention or DLP) is another big problem.
In late 2015, popular Ammy Admin – a remote control software, was 
Figure 2. GFI LanGuard custom software deployment using a parameter for silent installation
GFI LanGuard Agents are designed to be deployed on local (network) or remote servers and workstations. Once installed, the GFI LanGuard Agents can then be configured via LanGuard’s main server console, giving the administrator full control as to when the Agents will scan the host they are installed on, and communicate their status to the GFI LanGuard server.
This article shows how any IT Administrator, network engineer or security auditor can quickly scan a network using GFI’s LanGuard and identify the different systems such as Windows, Linux, Android etc. More importantly, we’ll show how to uncover vulnerable, unpatched or high-risk Windows systems including Windows Server 2003, Windows Server 2008, Windows Server 2012 R2, Domain Controllers, Linux Servers such as RedHat Enterprise, CentOS, Ubuntu, Debian, openSuse, Fedora, any type of Windows workstation (XP, Vista, 7, 8, 8.1,10) and Apple OS X.
Cisco announced a major update to their CCNA, CCNP and CCIE certification program at Cisco Live last week, with the changes happening on the 24th February 2020.
So you’ve heard all about Windows Server 2019 - now you can see it in action in a live demo webinar on November 8th! The last WS2019 webinar by Altaro was hugely popular with over 4,500 IT pros registering for the event. Feedback from gathered with that webinar and the most popular features will now be tested live by Microsoft MVP Andy Syrewicze. And you’re invited!
Downloading all necessary drivers and firmware upgrades for your HP Proliant server is very important, especially if hardware compatibility is critical for new operating system installations or virtualized environments (VMware – HyperV). Til recently, HP customers could download the HP Service Pack (SPP) for Proliant servers free of charge, but that’s no longer the story as HP is forcing customers to pay up in order to get access to its popular SPP package.
February 23, 2016 – Colasoft LLC, a leading provider of innovative and affordable network analysis solutions, today announced the availability of Colasoft Capsa Network Analyzer v8.2, a real-time portable network analyzer for wired and wireless network monitoring, bandwidth analysis, and intrusion detection. The data flow display and protocols recognition are optimized in Capsa Network Analyzer 8.2.
Figure 1. Dual firewall configuration 
Broadband access to the Internet by cable modem promises users lightning-fast download speeds and an always-on connection. And recent converts to broadband from dial-up technology are thrilled with complex Web screens that download before their coffee gets cold.
Firewall.cx’s download section now includes the 
Cisco Lab No.3 - Three high-end Cisco switches flooded in blue lighting, making VLAN services a reality.
