On January 20, 2022, at around 9.30 p.m. (U.S. EST), SonicWall started to receive reports that some SonicOS 7.0 firewall users were experiencing service disruptions in the form of reboot loops or connectivity issues.
Cause
Certain firewalls running SonicOS 7.0 were not able to correctly process the signature update published on Jan. 20. During signature update parsing by one of the components within SonicOS, a corner case error condition led to a restart or connectivity disruption. Firewalls are designed to fetch new signatures on startup, so this process repeated after a restart.
Resolution
SonicWall updated the signatures to address the issue, including refreshed timestamps. Firewalls will automatically pull the full signature update so no end-user action is required. SonicWall has identified the root cause and implemented multiple changes to prevent future occurrences.
Alternate Workaround
Prior to receiving updated signatures that resolves the issue as outlined above, the following temporary workaround can be implemented as an alternate workaround by users who have physical access to the impacted device.
Unplug the WAN connection (If you are unable to log in to the firewall)
Log in to the firewall from the LAN
Navigate to the Diag page. This can be reached by typing in the LAN IP of the SonicWall in the browser, with https://IP/sonicui/7/m/mgmt/settings/diag. EXAMPLE: https://192.168.168.168/sonicui/7/m/mgmt/settings/diag.
Click on internal settings to access the internal settings page or diag page. Please search for the option “Enable Incremental updates to IDP, GAV and SPY signature databases.”
Disable (Uncheck) this setting and select ‘Accept.’ It is important to select ‘Accept’ for the setting to take effect.
Plug the WAN connection and restart the firewall.
Monitor the firewall to ensure this addresses the issue. If neither of the above resolutions work, please reach out to support for further assistance.
On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress plugin that is installed on over 20,000 sites. This flaw made it possible for an unauthenticated attacker to inject malicious JavaScript that would execute whenever a site administrator accessed the template editor. This vulnerability would also allow them to modify the email template to contain arbitrary data that could be used to perform a phishing attack against anyone who received emails from the compromised site.
Wordfence Premium users received a firewall rule to protect against any exploits targeting this vulnerability on December 23, 2021. Sites still using the free version of Wordfence will receive the same protection on January 22, 2022.
We sent the full disclosure details to the developer on January 10, 2022, after multiple attempts to contact the developer and eventually receiving a response. The developer quickly acknowledged the report and released a patch on January 13, 2022.
We strongly recommend ensuring that your site has been updated to the latest patched version of “WordPress Email Template Designer – WP HTML Mail”, which is version 3.1 at the time of this publication.Description: Unprotected REST-API Endpoint to Unauthenticated Stored Cross-Site Scripting and Data Modification Affected Plugin:WordPress Email Template Designer – WP HTML Mail Plugin Slug: wp-html-mail Plugin Developer: codemiq Affected Versions: <= 3.0.9 CVE ID:CVE-2022-0218 CVSS Score: 8.3 (High) CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Researcher/s: Chloe Chamberland Fully Patched Version: 3.1
WP HTML Mail is a WordPress plugin developed to make designing custom emails simpler for WordPress site owners. It is compatible with various WordPress plugins like WooCommerce, Ninja Forms, BuddyPress, and more. The plugin registers two REST-API routes which are used to retrieve email template settings and update email template settings. Unfortunately, these were insecurely implemented making it possible for unauthenticated users to access these endpoints.
More specifically, the plugin registers the /themesettings endpoint, which calls the saveThemeSettings function or the getThemeSettings function depending on the request method. The REST-API endpoint did use the permission_callback function, however, it was set to __return_true which meant that no authentication was required to execute the functions. Therefore, any user had access to execute the REST-API endpoint to save the email’s theme settings or retrieve the email’s theme settings.
As this functionality was designed to implement setting changes for the email template, an unauthenticated user could easily make changes to the email template that could aid in phishing attempts against users that receive emails from the targeted site. Worse yet, unauthenticated attackers could inject malicious JavaScript into the mail template that would execute anytime a site administrator accessed the HTML mail editor.
As always, cross-site scripting vulnerabilities can be used to inject code that can add new administrative users, redirect victims to malicious sites, inject backdoors into theme and plugin files, and so much more. Combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site, this means that there is a high chance that unauthenticated attackers could gain administrative user access on sites running the vulnerable version of the plugin when successfully exploited. As such, we strongly recommend that you verify that your site is running the most up to date version of the plugin immediately.
Timeline
December 23, 2021 – Conclusion of the plugin analysis that led to the discovery of a Stored Cross-Site Scripting Vulnerability in the “WordPress Email Template Designer – WP HTML Mail” plugin. We develop and release a firewall rule to protect Wordfence users. Wordfence Premium users receive this rule immediately. We attempt to initiate contact with the developer. January 4, 2022 – We send an additional outreach attempt to the developer. January 10, 2022 – The developer confirms the inbox for handling the discussion. We send over the full disclosure details. January 11, 2022 – The developer acknowledges the report and indicates that they will work on a fix. January 13, 2022 – A fully patched version of the plugin is released as version 3.1. January 22, 2022 – The firewall rule becomes available to free Wordfence users.
Conclusion
In today’s post, we detailed a flaw in the “WordPress Email Template Designer – WP HTML Mail” plugin that made it possible for unauthenticated attackers to inject malicious web scripts that would execute whenever a site owner accessed the mail editor area plugin, which could lead to complete site compromise. This flaw has been fully patched in version 3.1.
We recommend that WordPress site owners immediately verify that their site has been updated to the latest patched version available, which is version 3.1 at the time of this publication.
Wordfence Premium users received a firewall rule to protect against any exploits targeting this vulnerability on December 23, 2021. Sites still using the free version of Wordfence will receive the same protection on January 22, 2022.
If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as this is a serious vulnerability that can lead to complete site takeover.
If your site has been compromised by an attack on this or any other plugin, our Professional Site Cleaning services can help you get back in business.
So far in our three big security mistakes series, we have talked about not using a secure username and keeping unused themes and plugins. Now it’s time to address the last one, if you haven’t guessed already, failing to update and backup your WordPress website.
Why Is Updating Your WordPress Important?
Did you know 80% of websites that are hacked are hacked because they weren’t updated?
If your wordpress website isn’t updated, hackers know that they can get in without having to do much work on their end. They are able to find holes, or security threats because wordpress hasn’t fixed them yet for all users so why not take advantage? This doesn’t mean updating will completely stop someone from hacking into your site but this does cut down on their chances immensely!
Even though updating your WordPress site is critical to keeping it secure and bug-free, many people fail to do this regularly, which can leave their site vulnerable to attack.
Fortunately, we have an automatic solution for you, the Shield Security plugin! We wrote a full summary of this feature for you to read here.
Remember to not only update your WordPress core regularly, but your themes, plugins, and other add-ons as well.
How to Backup Your WordPress Website
As you probably know, failing to backup your website can result in lost data if your site is hacked or crashes. Some hosting providers take automatic backups of your site on a regular basis, others require you to do it manually or pay for that additional feature. If none of those options are appealing to you then a WordPress backup plugin is probably your best option.
There are several solutions out there that automatically back up all of the files in your WordPress site, including images and content – ensuring you never lose another post or page! You can also easily restore a previous version of your wordpress if needed.
We wrote out a list of our recommendation plugins and solutions for backups in this article, you definitely want to give that a good read and get yourself a scheduled backup system in place.
Unfortunately, there is no perfect solution that will work at all times, but with some savvy tools such as the Shield Security Free or Pro plugin and educational recourses such as this article you can keep your site up and information safe!
WordPress security is important to think about. When you install wordpress on your site, it comes with a built-in firewall that helps protect against malicious attacks, but usually, that’s not enough so you’d probably install a tool such as our Shield Security Free or Pro plugin. However, any unused themes or plugins will make your wordpress vulnerable. This blog post is going to go over 10 different ways to clean up and secure your wordpress site!
10 Tips and Tricks to Reduce Overload and Secure Your WordPress Website:
Delete any unused themes or plugins from your wordpress site in order to clean it up and reduce vulnerabilities from attacks on your site’s security.
Deactivate all unused themes and plugins instead of just deleting them so they’re still available if you ever need them again.
Remove spam comments that are clogging up your site and taking up valuable server space.
If you have any inactive users, delete their accounts to clean up your wordpress site.
Review the wordpress security settings on your website and make sure they’re as tight as possible.
Update wordpress, themes, and plugins regularly so that you’re using the latest versions which come with security enhancements.
Use a caching plugin to help speed up your website – this will not only improve user experience but also SEO performance.
Minimize the use of third-party scripts (such as social media sharing buttons) on your wordpress site as these can slow it down and make it more vulnerable to hacking.
Optimize your wordpress site for web performance by compressing images, minifying CSS and JavaScript files, enabling browser caching, etc. so that your website loads faster which is great for SEO purposes – install a wordpress backup plugin such as BackWPup (all plans) or VaultPress (paid plan).
It’s also important to review wordpress setup and make sure there isn’t any room for improvement
There’s a lot in this list, we know. That’s why we’ve included a checklist in our Free or Pro version with links to the settings you need to have for securing your site and applying most of the optimization listed above.
If you’re an admin of an account, then you should probably stop using admin as your username. It turns out that this is one of 3 big security mistakes that users make when it comes to WordPress security. In today’s post, we’ll go over why admin usernames are not a good idea and the best practices for choosing a new username in order to keep your site safe from hackers!
Why is choosing the admin username bad for my WordPress website’s security?
If you are the admin of an account, then you might think that using admin as your username is a great idea. However, this isn’t exactly true! When it comes to security on WordPress websites and choosing usernames for admin accounts, there are quite a few things that can go wrong if you use admin as your username.
The first reason why having the admin username is bad for security purposes has to do with brute force attacks. Brute force attacks are when hackers try different combinations in order to gain access to passwords or private information about users on any given website. Because so many people choose admin as their password due to its simple structure (admin), these kinds of hacker attacks tend to be very successful because they essentially have everything they need to gain access to a site right from the start.
In addition to being vulnerable to brute force attacks, admin usernames are also very susceptible to social engineering scams. Social engineering scams are when hackers try to get unsuspecting users to give away personal information like passwords or log-in credentials by posing as someone that the user trusts. For example, if you receive an email from your bank asking for updated login information, and you’re not sure whether the email is legitimate or not, it’s best to call customer service and ask them about the message before taking any further action.
Since admin is such an easily guessed username, it makes it much easier for scammers to try and scam people into giving away their personal log-in details. So, if you’re using admin as your username, it’s not only bad for security reasons but also makes you more susceptible to scams.
Tips For Choosing A Secure Username
If you want to be extra careful with how you choose usernames moving forward, there are two things that we would recommend doing. The first thing is to check if any other accounts have been made on your website or blog with similar names (e.g., administrator, support, helpdesk ). If you find any, change them to something more unique, like a special term, a department name, a person’s name. That way, even if someone tries to hack into your account, they’ll be met with a login error.
The second thing you can do is use a password manager to create and store strong passwords for all of your accounts (including admin ). This will help make sure that no one ever gains access to your site by guessing or cracking your password. If you’re not familiar with password managers, I’d recommend checking out LastPass or Dashlane. They both offer free and paid versions, so you can choose the one that’s best for you.
What are some safer alternatives to using admin as my WordPress website username?
If you’re looking for a more secure alternative to the admin username, then there are quite a few options that you can choose from. Here are some of our favorites:
– Username: YourFirstName + YourLastName – This is a great option because it’s unique and easy to remember.
– Username: CompanyName_UserName – This is another good option if you want to use your company name as your login credentials.
– Username: Password123! – This might not be the most secure option, but it’s definitely better than using admin as your username.
– Username: randomword123 – This is a good option if you want to create a unique username that isn’t easily guessed by hackers.
Whatever username you choose, be sure to make it something that you can remember and that isn’t easily guessed by hackers. And, most importantly, never use admin as your login credentials! Choosing a more secure alternative will help keep your WordPress website safe from unwanted intrusions.
The holidays are a time for sharing, giving, and family. However, cybersecurity experts warn that cybercriminals also take advantage of this special time to spread malicious software or steal credit card information. In order to reduce the risk of becoming a victim during the holiday season, we’ve compiled cybersecurity tips you can follow to stay safe online.
P.S. This is not just any blog post on cybersecurity; it’s our top 10 list!
Tip #1: Be Cautious of Phishing Emails
One of the most common ways cyber criminals attempt to steal your personal information is by sending phishing emails. These emails often look like they’re from a legitimate company or organization, but in reality, they’re from cybercriminals trying to trick you into giving up your personal information. To protect yourself, be cautious of any email that asks for sensitive information such as your credit card number or password, and never click on links or open attachments in suspicious emails.
Tip #2: Use Strong Passwords
Another way cybercriminals can gain access to your personal information is by stealing your passwords. In order to protect yourself, use strong passwords that are difficult to guess. You can create strong passwords by using a combination of letters, numbers, and symbols. Also, be sure to never use the same password for multiple accounts.
Tip #3: Keep Your Devices Protected
One of the best ways to protect your devices from cybercriminals is by keeping them protected with antivirus software. Antivirus software can help protect your devices from malware and other types of malicious software. In addition, it’s important to keep your operating system and applications up-to-date as this can also help protect you from cybersecurity threats.
Tip #4: Be Cautious When Using Public Wi-Fi Networks
Public Wi-Fi networks are a convenient way to stay connected when you’re out and about, but they can also be a hotspot for cybercriminals. These networks are often unsecured, which means your data is vulnerable to being stolen by hackers. To protect yourself when using public Wi-Fi networks, make sure you use a VPN and be careful not to enter any sensitive information such as your credit card number or passwords.
Tip #5: Avoid Shopping Online on Unsecured Websites
When shopping online, it’s important to only visit websites that are secure. Secure websites have a web address that starts with “HTTPS” instead of “HTTP” and they will usually have a lock symbol next to their web address. Cybercriminals often create fraudulent websites that look identical to secure websites in order to trick you into entering your personal information. When shopping online, always make sure the website is secure before entering any sensitive information.
Tip #6: Use a Password Manager App
Using strong passwords can be difficult when trying to remember them all. To help protect yourself, use password manager apps that are designed for this purpose. These apps create complex and unique passwords for every account on your devices so you don’t have to worry about it! Plus they automatically log you in with these saved passwords whenever needed, making it even easier too!
Tip #7: Turn On Two-Factor Authentication Whenever Possible
Two-factor authentication provides an extra layer of security by requiring two different forms of authentication before you can log in to your account. This could be something as simple as a code sent to your phone or a one-time password that is generated by an app. By turning on two-factor authentication, you can help protect yourself from cybercriminals who may try to steal your login credentials.
Tip #8: Check Your Credit Report Regularly
One way to help protect yourself from identity theft is by checking your credit report regularly. You can get a free copy of your credit report once a year from each of the three major credit reporting agencies. Checking your credit report can help you identify any suspicious activity and take action if necessary.
Tip #9: Be Wary of Social Media Scams
Social media scams are a common way for cybercriminals to steal your personal information. These scams often involve fake posts or messages from friends asking you to click on links or download files. Always be wary of any posts or messages that seem suspicious and never click on any links or download any files without verifying the source first.
Tip #10: Back Up Your Data
One of the best ways to protect your data from being lost or stolen is by backing it up regularly. By backing up your data, you can ensure that if your device is ever lost or stolen, you will still have a copy of all your important files. There are many different ways to back up your data, so find one that works best for you and stick with it!
These are just a few of the many cybersecurity tips that you can use to help protect yourself during the holiday season. Even though there are real risks out there, we wish you all the best during this festive time! Stay safe and enjoy your time with family and friends! 🙂
DNS tunneling is a technique that encodes data of other programs and protocols in DNS queries, including data payloads that can be used to control a remote server and applications. Because of this, DNS tunneling – and DNS exfiltration associated with it by threat actors – is of great concern to many IT and SecOps teams. Fortunately, new developments in the Cisco Umbrella DNS cache system allow for faster and more reliable detection of DNS tunneling and exfiltration events.
How Does DNS Tunneling Work?
DNS tunneling revolves around the transfer of data. So, if we have:
Input Data data – Name: Alice, Age: 25, SSN: 123-45-678
Using DNS exfiltration, we can encode and send this data placed in several subdomains of the domain under our control as a single entry:
Or, we can use multiple entries using multiple queries to large numbers of domains:
jzqw2.zj2if.my.tunnel.com
wgsy3.ffraw.my.tunnel.com
ozj2g.i2syu.my.tunnel.com
2tjy5.dcmrt.my.tunnel.com
Users can abuse this technique – as seen in Fig. 1 below – by installing a free DNS tunneling tool to bypass IT policies and/or monitoring. They can also use this technique to bypass network authorization to obtain free internet access in hotels and airports.
Fig. 1
Attackers can use outbound DNS requests to send encoded exfiltrated data to their infrastructure – as seen in Fig. 2 below – or use DNS responses to send commands to compromised systems and manage infected devices remotely.
Fig. 2
Improvements to DNS Tunneling Realtime Detection
Today, we’re thrilled to announce that organizations have a powerful new ally to protect against data exfiltration and unauthorized DNS tunnels in their networks. Cisco Umbrella has developed a new proprietary cache within our DNS resolvers to work alongside our machine learning modules. Our newest machine learning module is tuned to detect data exfiltration and DNS tunneling events.
This new module monitors DNS traffic for behavioral patterns and traffic exfiltrating data, efficiently building enough information to detect and block data exfiltration. And, in the event circumstances and domain reputations change, this module will correct itself and let traffic through.
We made this update because, over the past couple of years, we’ve seen organizations more productive and more connected amidst the new reality of working digitally during the pandemic. The explosion of logins and bandwidth, though, has at times come with reductions in digital security. Data exfiltration has become a new reality, and one hole attackers punch is in the DNS.
Powering Improvements With a Revolutionary DNS Cache
The technology stack powering Cisco Umbrella’s DNS resolvers handles blistering loads of DNS traffic from ISPs, global organizations, municipalities, schools, and homes. Building on this, we’ve hacked the heart of the DNS resolver – the cache. And while we dig into the details of this new functionality in our DNS tunneling solution brief, we also want to provide you with an overview here.
The cache of a DNS resolver enables serving the swell of global traffic without fault, outage, and ease. It also insulates the backbone of the internet from being overwhelmed with identical queries. Caches store data locally so that it can be served quicker.
Tunneling Cache
The tunneling cache enables us to glue together a sequence of queries that are otherwise distinct atomic events. With proprietary key and data fields, we seamlessly incorporate rapid cache updates unbeknownst to web surfers. We maintain lightning speed throughout by merging incoming data fields using tricks found in probabilistic algorithms. Gluing together each individual’s DNS queries provides access to a rich amount of information, otherwise hidden. Organizations can now get personalized DNS tunneling monitoring, detection, and enforcement in real time.
Encryption Payloads
We pair the new DNS cache with a lexical engine highly trained at identifying encrypted messages. Our researchers dug into various encryption protocols and created a stateful algorithm capable of churning through every character transition in a domain name and identifying encryption payloads with high fidelity.
Take DNS-Layer Security to the Next Level
Cisco Umbrella analyzes internet activity to uncover known and emergent threats in order to protect users anywhere they go. Together, these capabilities power Umbrella to predict and prevent DNS tunneling attacks before they happen. Enabling this security category reduces the risk of DNS tunneling and potential data loss. Organizations can choose to block users from using DNS tunneling VPN services, or they can monitor the results in reports, providing flexibility to determine what is suitable given their risk tolerance.
Address your DNS blind spot by enforcing security over port 53 both on and off the corporate network. Request a personalized demo of Cisco Umbrella today to explore how this exciting new feature can help protect your enterprise.
Last year threw a lot at cybersecurity teams, from the emergence of several high-profile cyberattacks to the revelation of widespread vulnerabilities. As we all move into 2022, odds are your team is re-thinking your cybersecurity strategy to help make your organization more resilient and flexible. This should involve an evaluation of your cybersecurity solutions, as they impact the implementation and effectiveness of any strategies your team creates.
In our ebook 7 ways to strengthen your security in 2022 and beyond, we discuss the different ways you can amplify and extend your cybersecurity stack this year using Cisco Umbrella. But if you’re looking for some tips to get you started, here are three things to keep in mind as you plot out your cybersecurity strategy:
1. Make Sure Your Cybersecurity Solutions Don’t Impact Network Speeds
The use of internet resources and cloud services was on the rise before the COVID-19 pandemic. Now that employees have spread out – collaborating with coworkers and performing business-critical tasks from anywhere they have internet access – cloud-based tools have become more critical than ever.
This means that an effective cybersecurity strategy needs to balance the implementation of strong protections against the need for minimal latency on the company network. From a business perspective, cyber safety can’t come at the expense of speed.
In order to maintain this balance, take a look at your cybersecurity solutions and evaluate the following:
Routing Algorithms – Frequently, having fast and secure internet access comes down to a cybersecurity vendor’s data center network and routing algorithms. Make sure your cybersecurity solutions come backed by a robust global data center network and transparent routing protocols with automated failover to the fastest available servers. This minimizes latency, regardless of where users on your network are located.
Peering Relationships – Peering relationships allow cybersecurity vendors to minimize latency without compromising on security. As you reevaluate your cybersecurity strategy in the coming year, make sure your vendors have peering relationships with large cloud service providers your organization relies on. This allows employees to easily access the tools they need without introducing added latency.
Keeping network speeds in mind while you refine your cybersecurity strategy for the upcoming year can improve employee satisfaction, affect executive buy-in, and have an impact on your organization’s bottom line.
2. Strengthen Cybersecurity Infrastructure to Reduce Disruptions
Last year, we all experienced more than our fair share of network disruptions, outages, and downtime. Several of these events were impactful enough to make it into the news cycle. And while an outage isn’t the same thing as a cyberattack, your cybersecurity strategy should include finding solutions that are designed to reduce downtime instead of causing it.
Take some time to review the track record of your vendors. For example, do they have a proven record of resiliency and uptime? Better yet, can they handle infrastructure disruptions without passing those disruptions onto your users? For example, the unique DNS logging features included in Cisco Umbrella DNS-layer security can be used during certain events – like the 2021 Akamai outage – to keep users connected to business-critical cloud tools despite provider outages.
3. Make Sure Your Cybersecurity Strategy Includes Guest WiFi Considerations
Between the move to a hybrid work model and the gradual reopening of public spaces, odds are you’ll find more employees and clients using your guest WiFi in the coming year. So, it’s essential to make sure that both your private and guest WiFi networks have the speed users desire and the protection you need.
Does your suite of cybersecurity solutions provide your team with the ability to filter content and enforce security protocols over your guest WiFi network? Does your security stack allow you to maintain a single IP address for your entire enterprise, streamlining the management of guest WiFi security policies? Finally, can your cybersecurity solutions handle the uptick in user traffic that guest WiFi causes without increasing latency? If the answer to any of these questions is “no,” it may be time to think about adjusting your security stack.
Looking for More Ways to Strengthen Your Cybersecurity Strategy?
Outlook for Microsoft 365 Outlook for Microsoft 365 for Mac Microsoft 365 for home More…
Most email apps like Outlook are able to automatically configure email server settings. If you need server settings or help finding your server settings, click on one of the links below:
If you’re connecting to an Exchange mailbox and not using Microsoft 365 email, or if you aren’t sure if you’re using Microsoft 365 email, do the following to look up your settings:
In Outlook Web App, on the toolbar, select Settings > Mail > POP and IMAP.
The POP3, IMAP4, and SMTP server name and other settings you may need to enter are listed on the POP and IMAP settings page.
What server settings do I need from my email provider?
To help you get the info you need, we’ve put together a handy chart of the email server settings you should ask for. You will most likely have to set up your email as an IMAP or POP account as well. What are POP and IMAP? Check with your provider if you’re not sure which to use.
Note: When you use an IMAP or POP account, only your email will sync to your device. Any calendar or contacts associated with that account will be stored only on your local computer.
Follow these instructions to get your email settings:
Print out this page and keep it within reach.
Call your email provider and ask them about the settings in the chart below.
Write down the corresponding email server settings in the empty column.
Return to your email app and enter the information to complete your email setup.
Note: You may only need some of the settings on this list. Find out from your email provider what you will need to access your email on your mobile device.
General Email Settings
Setting
Description
Write Your Setting Here
Example
Email Address
The email address you want to set up.
yourname@contoso.com
Password
The password associated with your email account.
——–
Display Name
The name you want your email recipients to see.
Mike Rosoft
Description
Add a description of your email account.
Personal, work, etc.
Incoming Mail Server Settings
These settings are for sending email to your email provider’s mail server.
Setting
Description
Write Your Setting Here
Example
Host Name
Your incoming mail server name.
outlook.office365.com
Username
The email address you want to set up.
yourname@contoso.com
Port
The port number your incoming mail server uses.
Most use 143 or 993 for IMAP, or 110 or 995 for POP.
Server or Domain
This is your email provider.
yourprovider.com, gmail.com, etc.
SSL?
Is your email encrypted using SSL?(SSL is enabled by default in the Outlook mobile app)
SSL Enabled
Outgoing Mail Server Settings (SMTP)
These settings are for sending email to your email provider’s mail server.
Setting
Description
Write Your Setting Here
Example
SMTP Host Name
Outgoing mail server name. Most often smtp.yourprovider.com
smtp.office365.com
SMTP Username
The email address you want to set up.
yourname@contoso.com
SMTP Password
The password associated with your email account.
——–
SSL?
Is your email encrypted using SSL?(SSL is enabled by default in the Outlook mobile app)
If you have a work or school account that uses Microsoft 365 for business or Exchange-based accounts, talk to your Microsoft 365 admin or technical support.
If you value your security and privacy, then a VPN is an absolute necessity. A VPN, or virtual private network, stops others (even your internet service provider) from snooping on your online activity by routing all your internet traffic through a secure, encrypted tunnel. VPNs work especially well for guaranteeing that you’re protected even when using unsecured public Wi-Fi networks, too.
And nowadays, with all of us using our mobile devices more than ever before to get online, it is essential that our cell phones are equipped with a VPN so we can be fully protected on the go.
How can I set up a VPN on my iPhone?
There are two ways to accomplish this. The first method — and the one that will be most suitable for the majority of people — is to choose a VPN provider and then download and install its app from the Apple App Store. In general, the process will be super easy and the installer will guide you through any settings that you may need to configure.
Take VPN Proxy One Pro for example. The setup process simply couldn’t be any easier. Within minutes of downloading the app from the App Store (click here to do this, by the way), your iPhone will be protected by world-leading encryption and you’ll be free to connect to the internet safely, even on public Wi-Fi networks.
The second method, which is outlined below, is only recommended for those who are a little more tech-savvy. This option is perfect for people who want more control over their VPN experience and don’t mind putting in the extra time and effort to get it. This method allows you to choose which protocol you use as well as customize other settings, but it does require some additional knowledge.
But before we explain the second method, we need to quickly talk about VPN protocols…
What are the VPN protocols natively supported by iOS?
Before you can manually set up a VPN on your iPhone, you’ll need to select which VPN protocol you wish to use. Here are the ones that natively work with iOS:
L2TP
L2TP (Layer 2 Tunneling Protocol) is a type of tunneling protocol. Because L2TP does not offer any encryption on its own, it is normally paired with IPSec (see below). The two technologies form an excellent partnership and together provide great security. It is not as fast as some other options, however.
IKEv2
Just like L2TP, IKEv2 (Internet Key Exchange version 2) also doesn’t offer any encryption of its own, so must also be paired with IPSec. It is faster than L2TP and works particularly well with mobile devices because it can easily move between connection types (Wi-Fi to a cellular network, for example). Although it was jointly developed by Microsoft and Cisco, it is still natively supported by iOS.
IPSec
IPSec (Internet Protocol Security) is also natively supported by iOS and can be used on its own as a VPN protocol.
How to manually set up a VPN on iPhone
Once you’ve decided on which protocol to use, to manually configure a VPN on iOS, go to Settings > General > VPN > Add VPN Configuration > Type. From here, you can select either IKEv2, IPSec, or L2TP (which actually comes with IPSec, even though it isn’t made clear).
After selecting the VPN protocol type, you will need to fill out the other details. Most of the additional information should be available on the VPN provider’s website, either in your account settings or in the online documentation, but if you are unsure of where to find anything, it is best to contact them directly.
Once you’ve filled in all the required information, click Done in the right-hand corner and you’re good to go!
Stay connected, stay secure
If you, like most of us, rely on your mobile device to stay connected, then the value that a VPN offers simply cannot be understated. With everyone using their mobile devices for so much these days — email, social media, online shopping, etc. —when it comes to protecting our sensitive data and safeguarding our privacy, VPNs are effectively essential.
Regardless of how you go about setting up your VPN on your iPhone — whether you choose to just quickly download and install the app or configure each of the settings individually, VPN Proxy One Pro is a truly excellent choice. Click the button below to read more about it.
> Mail > POP and IMAP.
