Yes, I would like to test Snort IDS/IPS module. Thanks!

I'm sure there will be tools to help you in Kali and Metasploit, but I have no experience myself.

Me as well, I do not have any experience with Kali Linux. I am thinking maybe a simple free application to install in Windows 10 that can quickly and safely simulate an intrusion attack. I have to do in remotely since I am now working from home due to the pandemic.

Hi Kali is now available integrated into Windows 10

Thank you Doug100

Hi Kali is now available integrated into Windows

@mags If you want to get this done and don't have time I suggest you approach a cyber security testing company, yes they are expensive however if you just want to test one or two simple functions I cannot imagine it being to bad cost wise. 

 

 

Hi BlakeRichardson,

 

That would be the last option I would like to take because it will be a lot more complicated to get third party involved. Thanks for your suggestion.  

Metaspolit Community edition is good - but be prepared for an uphill learning experience.

Hi PhilipDAth,

 

At the moment, I don't have much time to spare to learn Metasploit but I'll put that in the list of nice things to learn in the future. Thanks!

Hi Johnfnadez,

 

Is it just simply opening notepad.pw in a webrowser? I tried to do it but nothing comes up on the MX email alerting or Security Center. 

Yes!

 

Look my MX 🙂 

 

 

Try to check you Policies in your group policies that you have assigned in your device or VLANs

 

And also check your threat protection config.

Regards!

i just did a simple network scan using nmap on kali linux on one of my sites

shouldnt this type of scan be considered as intrution? nothing shows up in the event log and nothing under security center also

 

 

below is if i do a scan on my home mx but within the lan

 

in my mind i wouldnt want anyone whether external or internal to be able to run scans

 

You can't do anything to stop an nmap scan.  I guess you could say after you have seen so many syn packets from a specific host to block further syn packets, but it is pretty easy to get a false positive and block legit traffic.

 

nmap is a scanning tool.  It doesn't actually utilise a compromise to try and gain access or run code.

I entered notepad.pw in Chrome on my phone.

The website popped up and my security log on my MX shows that a suspicious .pw query was blocked.

If the DNS query was blocked, why could I get to the site?

That's strange and scary.

Hi Johnfnadez,

 

In Security & SD-WAN > Threat Protection, I have IDS/IPS mode intially set to detection and ruleset to connectivity. I changed it to prevention and security with the thought that it will capture the notepad.pw malicious DNS query but no joy. The client I am using for testing is not assigned to any Group Policy so I think default policies will apply. 

After changing the Threat Protection settings, did you make sure that the MX had updated it's settings?

Sometimes it takes a few minutes for the setting to apply, especially firewall and security rules. 

Hi DHAnderson,

 

I saw the alerts in Security Center this morning when I checked. I tested again and it is now showing as suspicious .pw DNS query.

Hi Johnfnadez,

 

I got the alerts now showing in Security Center. I thought there would be an email alert generated as well but there wasn't any. Thanks! 

To get the alerts, make sure that under Network-wide/Alerts that both Malware is blocked and Malware is downloaded are checked, and that there is a valid email address in Default recipients