Questions tagged [network-access-control]
The network-access-control tag has no summary.
97 questions
0 votes, 1 answer, 187 views
How secure is a network HSM connection with TLS disabled, relying only on IP ACLs and PKCS#11 slot PINs?
If TLS is disabled on a network-attached Hardware Security Module (HSM), but the device still enforces:
IP-based access control (only whitelisted client IPs can connect),
and
PKCS#11 slot PIN ...
5 votes, 1 answer, 2k views
Using my own CA for home VPN -- too much or not enough?
I recently set up a "homelab," so to speak, with several machines that have personal data and applications that I'd like to be able to use on the go. I set up a KeepassXC database secured ...
3 votes, 2 answers, 775 views
Are client certificates a secure way of having publicly facing SQL database?
Quick Context:
I often come across videos where people build apps using SQL database services alongside serverless functions (like AWS Lambda, Vercel, and others) without setting up a VPC to keep the ...
1 vote, 0 answers, 83 views
How does the Noise Protocol Framework provide authenticity in overlay networks like Nebula?
In addition to my question: Is a Nebula overlay network essentially a peer-to-peer mesh network with mutual TLS?.
How does the Noise Protocol Framework work exactly? Especially, how does it provide ...
0 votes, 1 answer, 135 views
Whitelist at network level, application level, or both?
I have a public-facing SFTP instance. When applying the whitelist/allow-list of IP addresses that are allowed to connect to this instance, should I enforce the list on the network/firewall level, the ...
0 votes, 1 answer, 391 views
How to prevent spam attacks from rotating proxies
My website has hundreds of thousands of HTML pages that are open to the public. Each time an HTML page is requested, a call will be made to my database to get the correct data. Therefore the cost of each ...
0 votes, 0 answers, 143 views
Perimeter IP Address Blocking
Currently we have a Palo Alto FW that serves as the perimeter device for our network. We are required by our contract to block certain IP addresses. Over time this list has grown to almost 150k ...
1 vote, 1 answer, 259 views
How to prevent AD object information export by a LDAP Export tool from workgroup computer
I have a question regarding Active Directory Security. I can export Active Directory Object information by any 3rd party LDAP Export tool from any workgroup computer which is connected in my network. ...
0 votes, 0 answers, 140 views
Can I set up and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or macOS?
Can I set up and enforce additional WiFi connection (and password) requirements on managed laptops using Windows or macOS?
Such as:
blocking (or entirely hiding) the option to connect to open networks
...
3 votes, 1 answer, 1k views
Is WPA2-Enterprise a more secure protocol designed to protect WiFi communication compared to WPA3-Personal?
Perhaps an unconventional comparison. If we ignore device compatibility for a moment and compare security features of WPA3(-three)-Personal with WPA2(-two)-Enterprise. Which is most secure and why is ...
1 vote, 1 answer, 213 views
What are the risks with PPTP (MS-CHAPV1/V2)?
What are the risks with PPTP (MS-CHAPV1/V2)? Are the only ways that it can be exploited if someone already has access to the network and can ARP poison, etc., or capture packets some way? Or can it ...
2 votes, 2 answers, 558 views
Does my ISP see that I am using someone else's PPPoE username/password?
I want to ask whether my ISP will be able to see that I am using the username/password of someone else on my dialup PPPoE.
2 votes, 1 answer, 191 views
Does opening an IPsec tunnel compromise the rest of my VPN?
Let's assume:
I allow all of my VPN users to connect to various internal services (VPN's IP is allow listed)
My VPN will be connected to a 3rd party network via IPSec Site-2-Site Tunnel. The purpose ...
3 votes, 1 answer, 699 views
Same network steal data?
Say my home network has a wifi-password and my friends are connected to it (since I gave them my wifi-password).
Is it possible for me to read their data transfer?
If yes, then it would also be ...
1 vote, 1 answer, 193 views
What is the exact security benefit of disconnected environments?
In large organizations, I often see sysadmins mirroring all the stuff they need from the internet locally (container images, rpm and deb packages) for local consumption, with the burden of keeping the ...