Setting Rules in Snort 2.9. Security and Automation IDS/IPS - security

Security and Automation
IDS/IPS
With Snort 2.9 in IDS mode, create the following rules:
All attempts to log in to shares are logged to your PC (the share is SMB 2.0 on port 139).
Any attempt by a foreign DHCP server to hand out IP addresses will be stopped.
If someone surfs to a URL with the word “porn” in it, they will receive an alert.
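One way to express the three requirements as Snort 2.9 rules, added here as an illustration and not part of the original question. The `DHCP_SERVERS` variable, the constructed addresses, the messages and the SIDs are assumptions; `HOME_NET` and `HTTP_PORTS` are the variables from the stock snort.conf.

```snort
# Added example, not from the original post. Variable names, addresses and
# SIDs (local range, >= 1000000) are assumptions.
# Expected in snort.conf (constructed addresses):
#   ipvar HOME_NET     192.0.2.0/24
#   ipvar DHCP_SERVERS [192.0.2.10]

# 1) Log SMB2 logon attempts to the share on TCP 139 (NetBIOS session service).
#    Bytes 0-3 are the NetBIOS session header, bytes 4-7 the SMB2 ProtocolId
#    (0xFE 'S' 'M' 'B'). The 2-byte Command field starts 8 bytes after the
#    ProtocolId; 0x0001 (little-endian 01 00) is SESSION_SETUP.
log tcp any any -> $HOME_NET 139 (msg:"SMB2 SESSION_SETUP to share"; \
    flow:to_server,established; \
    content:"|FE|SMB"; offset:4; depth:4; \
    content:"|01 00|"; distance:8; within:2; \
    sid:1000001; rev:1;)

# 2) DHCP replies (UDP 67 -> 68) from any host that is not a known server.
#    Byte 0 = 0x02 (BOOTREPLY); the magic cookie 63 82 53 63 sits at offset 236;
#    option 53 (message type), length 1, value 2 = DHCPOFFER, value 5 = DHCPACK.
#    In passive IDS mode Snort can only report this traffic. To actually stop
#    it, run Snort inline and change the action from "alert" to "drop".
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"DHCPOFFER from unauthorized server"; \
    content:"|02|"; depth:1; \
    content:"|63 82 53 63|"; offset:236; depth:4; \
    content:"|35 01 02|"; distance:0; \
    sid:1000002; rev:1;)
alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"DHCPACK from unauthorized server"; \
    content:"|02|"; depth:1; \
    content:"|63 82 53 63|"; offset:236; depth:4; \
    content:"|35 01 05|"; distance:0; \
    sid:1000003; rev:1;)

# 3) Alert on an HTTP request whose URI contains "porn" (case-insensitive).
#    http_uri needs the http_inspect preprocessor enabled for $HTTP_PORTS.
#    It matches the request URI only, not the Host header, and it cannot see
#    inside HTTPS. The alert goes to Snort's configured output (the analyst),
#    not to the person browsing.
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"HTTP URI contains porn"; \
    flow:to_server,established; \
    content:"porn"; nocase; http_uri; \
    sid:1000004; rev:1;)
```

The rule file can be syntax-checked with Snort's test mode (`snort -T -c snort.conf`) before it is put into service.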

Related

I can SSH and RDP to an Azure VM but the browser times out

I have deployed a Network License Manager for MATLAB 2022b Azure Virtual Machine (VM) from the Azure Marketplace. The deployment spins up a Windows Server 2019 VM of Standard_B1s class and it seems to be successful because I can ssh, from WSL, and RDP to the VM. However, if I try to access the license manager portal through a browser from home or office, with either Firefox or MS Edge I get the much dreaded "The connection has timed out" and "Hmmm… can't reach this page xxx.yyy.zzz.www took too long to respond" respectively.
I have the following inbound and outbound rules in my Network Security Group (NSG). All the rules have been set up by the VM and I have only changed the priorities of allow-https and allow-ssh to 100 and 110 respectively, and the fake Source address that I input at the VM configuration page to 0.0.0.0/0. I have restarted the VM afterwards to propagate the changes.
Inbound and outbound rules of the VM NSG
This aerospace engineer is totally stuck because the (MATLAB) license manager only starts if a license file is loaded through the portal and the portal can only be accessed through the browser. I have also tried to start the license manager at the command line but failed.
If you are trying to access your VM in a browser, check the network firewall rule of the service and, inside the VM, check that port 22 is actually operational.
"The connection has timed out" error usually occurs if you have installed firewall or security software on your computer; it may be preventing access to the virtual machine.
In your task bar type windows defender firewall -> change notification setting
Turn off Windows Defender Firewall like below:
Disable the firewall and try to activate port 22 by using the commands below:
sudo ufw disable
sudo ufw status
ufw allow 22/tcp
Try to check license server details to make sure that you are using the correct hostname and port number.
Check whether the client machine is authorized to use the licenses on the license server.
If still the issue persists, try to restart the license and client machine and try.
Now try to access Network license manager via browser and check
Reference:
Run Network License Manager from Microsoft Azure - MATLAB
I ended up deleting the original VM and all its accoutrements and started a new one that works.

Every time I connect Organizations Account in Azure VM, VM stops working and cannot RDP anymore

I'm trying to find an answer to the fact that every time I want to connect an organization's account in the Account settings in the VM, I cannot RDP anymore.
During the creation of the VM, I enable the Azure AD join extension.
Does this have anything to do with a user log-in conflict?
I log in to the VM with my Administrator credentials.
Any idea would be highly appreciated.
The VM is Windows 10 OS.
To avoid these issues, you can use Windows 10 Fall Creators update (1709) is a separate app that provide updated version systems current and safer defense-in-depth features that prevent evolving malware and other vulnerabilities from impacting your device,
To connect RDP, you need to add inbound port rule
In azure portal -> virtual machine -> Networking -> Add inbound port rule -> Add
Note : if you are using port 3389 kindly update destination port ranges as 3389 and name as port_3389
If you already added inbound rule and still you are facing issue refer this Microsoft document for more information

Azure VM Remote Desktop Can't Connect

Following a how-to book's guide on setting up a VM through the Azure Portal and getting the error when trying to connect
Remote Desktop can't connect to the remote computer for one of these reasons: 1) Remote access to the service is not enabled 2) The remote computer is turned off [Verified through the Azure Portal it is turned on because Start is faded, while Restart and Stop are not] 3) The remote computer is not available on the network.
The error occurs before I'm able to enter any credentials - it doesn't find the IP at all. The RDP file details (IP removed of course):
full address:s:[IPAddress]:3389
prompt for credentials:i:1
administrative session:i:1
What I've tried:
Even though the How-To book doesn't show where/how to specify a port, when I download the RDP file from the Connect option, it specifies the port 3389. The book seems to imply that simply downloading this file and connecting will work and there's no need to specify the port. I get the above error.
Flushed DNS on my computer, ipconfig /flushdns
In the Network Security Group option for the VM, I verified that port 3389 allowed any source and wasn't specific.
I did miss associating the subnet part of the Network Security Group to a virtual network, so I did associate my NSG with the default subnet set up for my Virtual Network.
From the Quick start option, I don't see how to connect to this either; I'm guessing, I need to specify a different port, but don't see where to do it here either => Update: this appears to be in the Network Security Group's Inbound security rules in the Azure portal.
Boot Diagnostics option shows the login screen. A ping to the IP address fails four times with "Request timed out."
Note: this is not a Virtual Machine (classic).
Just wanted to share what worked for me.
After receiving an error prompt:
Connect is disabled for this virtual machine because of the following
issues: Network interface 'vmwindows1094': Network security group
'VMWindows10-nsg' does not have inbound security rule that allows port
3389. VMWindows10-nsg
I have added an inbound port rule. Under VM > Settings > Add inbound port rules.
Port: 3389 Protocol/Source/Destination: Any (this can be configured based on your security rules) Action: Allow
On the Azure portal, Select your VM -> Settings -> Boot diagnostics. Make sure that you can see the login screen. You might need to enable diagnostics (under Monitoring section) if not enabled already.
If you don't see the login screen, try the 'Redeploy' option under the 'Support and Troubleshooting' section of settings.
If you can see that the machine has booted correctly, the connectivity issue might be because of a firewall at your end or on the VM. See if you can ping the machine. If you are behind a corporate firewall, try connecting from elsewhere and check your PC's firewall.
Creating a new Virtual Machine on the new portal now creates a NSG (Network Security Group) along with the VM. You should be able to find it under all resources, same name as your VM. Make sure that there is an Inbound rule configured for Remote desktop (it is created by default but might be worth checking).
I had the same problem but adding an inbound security rule was not sufficient (although it is also needed).
I had to go to virtual machines > (myVm) > Reset password and then choose Reset configuration only
Try checking your VM has enough memory.
I had tried all of above suggestions and still didn't manage to access.
After trying many times I managed to get in a message appeared saying:
Your Computer is low on memory
Not 100% sure that was the reason though.
I faced the same issue. I had created an Azure VM but wasn't able to connect to it using RDP.
The culprit was a default "Inbound Port Rule" due to which all the inbound traffic was being blocked.
The solution is to create a new rule by clicking the "Add Inbound Port Rule" and allow traffic from port 3389. Make sure that the priority of this new rule is greater than the "DenyAllInBound" rule otherwise our new rule will not have any effect.
After adding the rule, try connecting to the VM using its public IP in RDP and you should be able to connect.
This worked for me, hope it helps you as well.

MS CRM 2011 Port Forwarding Error(Without IFD)

One of our clients wants to do port forwarding to the CRM server, so that users can access the CRM from the Internet. They are using a ZyXel firewall (for port forwarding).
They have mapped 203.xx.xx.xx(public ip) to 192.Xx.xx.xx(local ip) with incoming and outgoing port 5555(default port of our crm server), but it doesn't work. Any suggestions?
I tried to map for rdp and sql report server(web server), these things are able to access.
I have been stuck with this more than a day. Can anyone please help
It's more common to see full IFD implementation with crm 2011, since SSL allows for more security. I do think it's possible to configure CRM to work with just regular port forwarding though, although I have never done it myself.
Take a look here: http://www.mscrmguru.com/2013/05/exposing-microsoft-dynamics-crm-2011.html
Examples of software that can be used for port forwarding includes
Microsoft Forefront Threat Management Gateway (TMG) and Microsoft
Forefront Unified Access Gateway. Basically what it comes down to is
the following:
The user enters an internet address e.g. http://crm.mycompany.com.au
The internet address is recognised and points to the external
registered IP address e.g. 162.123.123.11
The external IP address is redirected to your internal IP address
through your reverse proxy / tunnelling / port forwarding e.g.
10.0.0.10
The user enters username and password and gets authenticated.
The Microsoft Dynamics CRM 2011 page is displayed to the user.
Finally I solved the issue by binding port 80 to the CRM website in IIS. Not sure why port 5555 didn't work, even though the port is opened in the firewall.
You have to add a corresponding Policy Control to pair with the corresponding NAT rule otherwise when the NAT / port forwarding rule is applied, it will be directed to the stateful packet inspection part of the device controlled by the Policy Control rules and be dropped from that point forward.
Policy Control is found by selecting the Configuration menu option (looks like two yellow gear or cogs whatever you call them), then selecting Security Policy, then Policy Control.
The rule structure is similar to NAT, except on this screen you permit or deny traffic based on ZONES that maps to any physical or logical interface configured. In most cases, you want to permit port 5555 traffic coming from the WAN zone from ANY IP address, to the LAN, DMZ or VLAN zones to the IP of the host or object configured in the ZyXEL firewall.
You'll want to ensure that port 5555/TCP or 5555/UDP, whichever is applicable to permit, is configured as a Service Object under the Configuration->Object->Service menu.
Configuring the service before will allow easy setup afterwards when setting your NAT and policy rules, because you'll be able to select the new service object instead of entering ports only. It's also required to set a service object anyways for all Policy Routes.
It feels like the work has been done twice, but NAT and Policy Routes are two different things that have to be configured to allow most kinds of non-standard traffic. Your admin might have had an easier time configuring other rules such as HTTP, FTP, SMTP and various common services, because the firewall has built-in objects for those services, which makes configuring rules for services running on non-standard high-range ports a little bit more tricky.

Azure Point to Site port 445

I've setup Azure point to site and I'm able to connect from my computer to an Azure VM (file share). I'm also able to ping my computer IP address from the Azure VM. However, I'm not able to connect to any resource on my local computer. When trying to access a file share on my computer from the Azure VM I get the following error:
file and print sharing resource (169.254.108.240) is online but isn't responding to connection attempts.
The remote computer isn’t responding to connections on port 445, possibly due to firewall or security policy settings, or because it might be temporarily unavailable. Windows couldn’t find any problems with the firewall on your computer.
Port 445 is enabled on my local computer:
netsh firewall set portopening TCP 445 ENABLE
As an additional test If I issue a \169.254.108.240 from my local computer point to itself it works fine. The same try from the Azure VM gives me the error above.
Thanks,
Your IP address (169.254.*) is a non-routable address. You'll need to get a valid IP (say with DHCP, or set manually) and allow connections to your machine. If you have a firewall, this means adding a NAT rule to it.
If possible, try making the connection from another computer on your LAN to isolate any other firewall/Azure issues.
I think you have to consider several concepts while implementing an Azure network. First try to put the point-to-site network on a different range of IPs (like 10.4.0.0), then try to disable the firewall on your computer and try again; if you have a proper routing device it should go through and get the feedback from the local machine.
