DNS, Firewall, Proxy, and Websense Making sense of it all?


7 replies to this topic

#1 Boham2000

Boham2000

  • Members
  • 3 posts

Posted 29 April 2015 - 02:33 PM

My company uses DNS, Firewall, Proxy, and Websense to secure our network and the inbound & outbound transactions. I have a basic understanding of how each plays into the overall scheme. As the support owner of multiple applications within my company, I am getting a large number of incidents in which an application is not able to function as it requires access to the internet and is being blocked along the route, or cases where a webservice returns "Internet Explorer cannot display the webpage". What I am having difficulty with is identifying or developing a basic troubleshooting guide that will help me identify which piece of the puzzle is the culprit so that I can route a request for resolution to the appropriate team. I have searched and asked questions but with no real results and short of taking classes (which I intend to do) which will not resolve the immediate issue, I am hoping one of you can help me sort it all out.

 

Thank you in advance for your time




#2 RolandJS

RolandJS

  • Members
  • 4,427 posts
  • Gender:Male
  • Location:Austin TX metro area

Posted 29 April 2015 - 03:00 PM

I'm afraid you're troubleshooting on a case-by-case basis.  You will amass some writings, based on your daily experiences, and on your learning from other sources, in notebooks on your desk.  Now, as you encounter specific error messages, there are many here in BC who are very learned [I'm not one of them] who can help you with specifics.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,196 posts
  • Gender:Male
  • Location:Quebec, Canada

Posted 29 April 2015 - 05:26 PM

I think that your Networking team should be working on that issue. It's their infrastructure after all, we know nothing about yours so helping you can be quite difficult. You could always use Wireshark or Fiddler to sniff the packets and requests and see where they are being stopped and by what, but if you don't know the proxy's IP, domain name, and other information, you won't understand what you're doing. At work, when we have a Network issue with an application that is being blocked/denied access to the Internet, we go see one of the Networking team members and they assist us. We tell them what's going on, what we tried, then we log them an incident and they work on it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
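
Added example (not part of any post in this thread): one way to record where a request is stopped and by what, walking the path in order and naming the layer that answered. It assumes an explicit forward proxy; the proxy address, the test URL and the block-page markers are hypothetical, and the sample replies are constructed.

```python
import socket
from urllib.parse import urlsplit

# Hypothetical block-page markers: replace with text from your own filter's block page.
FILTER_MARKERS = (b"websense", b"blocked by policy")

def classify_proxy_reply(raw):
    """Name the layer that most likely produced a raw HTTP reply seen via the proxy."""
    parts = raw.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "unknown: reply is not HTTP"
    status = int(parts[1])
    if status == 407:
        return "proxy: authentication required"
    if any(marker in raw.lower() for marker in FILTER_MARKERS):
        return "web filter: policy block page"
    if status in (502, 504):
        return "gateway: proxy could not reach the site"
    if status >= 400:
        return "proxy or origin: HTTP %d without a block page" % status
    return "ok: request passed every layer"

def triage(proxy, url, resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Walk the path in order: proxy name lookup, TCP to the proxy, then the HTTP reply."""
    try:
        resolve(*proxy)
    except socket.gaierror:
        return "dns: proxy name does not resolve"
    try:
        sock = connect(proxy, timeout=5)
    except socket.timeout:
        return "firewall/network: no answer from the proxy port"
    except ConnectionRefusedError:
        return "proxy: host answers but the port is closed"
    # Plain-HTTP probe in absolute-URI form, as an explicit proxy expects.
    request = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (url, urlsplit(url).netloc)).encode()
    raw = b""
    with sock:
        try:
            sock.sendall(request)
            for chunk in iter(lambda: sock.recv(4096), b""):
                raw += chunk
        except socket.timeout:
            pass  # classify whatever arrived before the stall
    return classify_proxy_reply(raw)

# Constructed sample replies (not captured from any real network).
SAMPLE_407 = b"HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: NTLM\r\n\r\n"
SAMPLE_BLOCK = b"HTTP/1.1 403 Forbidden\r\n\r\n<html><title>Blocked by policy</title></html>"
```

HTTPS destinations go through an explicit proxy with CONNECT rather than GET; the proxy's answer to that CONNECT carries the same status codes.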


#4 Boham2000

Boham2000
  • Topic Starter

  • Members
  • 3 posts

Posted 30 April 2015 - 07:21 AM

I understand that someone else cannot troubleshoot my company's network, and I'm not asking for such. I am only asking for direction... Do I check proxy before firewall and firewall before Websense? The big issue is my company has this te broken apart; for instance, if it's a Websense issue it goes to one team while proxy goes to another. The request gets bounced around for weeks with no resolution and often comes back with "not enough troubleshooting prior to submission". It really bothers me, so I am trying to be more proactive and have a better understanding.

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,196 posts

Posted 30 April 2015 - 08:09 AM

Looks like your company is failing in proper troubleshooting ethics then. It's not the user's job to do the troubleshooting, it's the support/tech team. You are a developer right, and from what I understand, you might be doing a bit of Web. Dev. Can't you use Fiddler to follow the web requests and see where they get blocked?



#6 RolandJS

RolandJS

  • Members
  • 4,427 posts

Posted 30 April 2015 - 09:16 AM

Boham makes a great point! According to [some] business sources: web developers need to be working on [drumroll] web development. Software programming and engineering need to be working on - software programming and engineering. And so on. IT takes care of the intranet and the internet of the company. Once a user has truly troubleshot him/her-self out of the problem equation, IT should take it from there and troubleshoot everything from wall jack to the Great Out There.


Edited by RolandJS, 30 April 2015 - 09:17 AM.



#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • Gender:Male

Posted 02 May 2015 - 12:25 PM

I've troubleshot many issues like the ones you are facing. I always start with a network capture and then analyze it with Wireshark.

Are you familiar with Wireshark, or another network analyzer?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 Boham2000

Boham2000
  • Topic Starter

  • Members
  • 3 posts

Posted 04 May 2015 - 08:09 AM

Thank you for your responses thus far concerning this topic. Didier Stevens, I am not familiar with Wireshark; however, based upon your input, I will certainly look into how I can use this to troubleshoot the issues in front of me...





