All Questions
22
questions
0
votes
0
answers
71
views
System audit of hardened device regarding certificate handling
I am tasked with auditing the default configuration (system configuration, default applications...) that is set for some computers before they are given to users.
Though I have never seen it anywhere, ...
0
votes
1
answer
714
views
LAN Only Webserver
I am on a 192.x.x.x network and have a local server that hosts some webapps for the local users of the network. The server is running:
Ubuntu
VPN
Nginx Reverse Proxy with the site.conf including: ...
0
votes
2
answers
1k
views
How to perform a security test/review/penetration testing of Ethernet ports?
I have been engaged by a client who wants its Ethernet ports checked to determine whether port security is functioning effectively.
What can be the approach or steps to do check Ethernet port ...
1
vote
1
answer
253
views
How could the Chinese Communications Authority find a backdoor on my website?
I host a legacy HTTP website on my own hardware in China. It was attacked due to the Struts file upload flaw last month. But yesterday, Communications Authority in my province alarmed me, there is ...
1
vote
1
answer
1k
views
Security auditing - disabling IP forwarding and ICMP packets redirects
I've recently started working as a security auditor and my mentor gave me some homework to write an Ubuntu security audit script so that I'll get to learn to use batch scripting and understand ...
1
vote
0
answers
123
views
UDF Client, Socket Binding and Tags Hack - Need Help [closed]
Background
For a long time now, I've been working to remove a persistent, if not permanent, malware presence on my computers and phones. Every attempt at removal has been unsuccessful to date, by me ...
3
votes
1
answer
921
views
Is IP address whitelisting useful if the IP address is not “secret”?
I'm working on an application that will have access to API keys supplied by our users. The application makes API calls on behalf of our users.
The API we're using allows users to whitelist IP ...
3
votes
2
answers
418
views
Guest wireless network is directly connected to internal LAN. How bad is this?
At my work, there is a wireless network that is on the same subnet as the servers, printers and user machines. This wireless network allows users to have access to shared network drives as if the ...
1
vote
1
answer
353
views
How to pick an enterprise VPN provider?
We have always deployed our own VPN using an open source package, but as our company is growing we've become increasingly aware of the importance of scaling this solution, especially now we operate ...
1
vote
1
answer
120
views
Between point to point connectivity and remote network access, which is riskier?
Between point to point connectivity and remote network access, which is riskier? If I have a third party accessing my company's network, which are the different modes through which they can access and ...
2
votes
1
answer
221
views
Is it common for all hard / USB drives to be accessible to everyone on a network?
Every PC can map to any other PC's hard drive(s) / USB drive(s) on the network where I work. When I realized this I thought it was odd. All one needs to do is access the (Start) button then type \\...
3
votes
2
answers
3k
views
How can I get a fiddler-style trace of an iPhone / Android?
I want to audit the HTTP and HTTPS activity of apps downloaded onto my mobile device. What is the best way to do this?
I own the device, can add a root certificate, and can connect the running ...
0
votes
3
answers
1k
views
How to safely mirror network traffic for audit reasons?
We have an internet connection that we need to audit:
INTERNET ->> ROUTER ->> CLIENTS
our idea would be to put a (enough big) HUB before the router (router, that logs in via pppoe to ...
0
votes
2
answers
2k
views
Basic Security Knowledge [closed]
Perhaps I am being both naive and overly ambitious in my first post but I have a huge interest in learning about network and system security and am at a loss as to where to begin. I realize that stack ...
2
votes
2
answers
305
views
How can I be sure my former employer no longer has access to my computer? [closed]
How can I be sure now that I no longer work for a certain company that they are not accessing my computer from their side. Strange things happen ( someone remove a certain set of my friends on ...