Firewall Wizards Mailing List

Tips and tricks for firewall administrators


Latest Posts

Re: nipper studio experiences? Marcus J. Ranum (Jul 23)
Mike Lloyd wrote:

Since you're posting from redsealnetworks.com may I infer that you are
referring as "smart" to redseal's products? Because, as far as I can tell,
they are also rule-checking systems. Granted, the rules are much more
complicated than they might otherwise be, but an expert system is an
expert system; short of solving the hard AI problem (in which case we
wouldn't call it an "expert system")...

Re: nipper studio experiences? Shawn Summers (Jul 20)
Very good experience with the tool, features and usefulness have greatly increased in recent months. They support
current versions of many common vendors' devices, well publicized list on their website
(https://www.titania.com/nipperstudio/networkdevices). Very easy to use - you feed it raw config files and it parses
them line-by-line, then generates reports on findings. Default best practices baseline is pretty good, and you can...

Re: nipper studio experiences? Mike Lloyd (Jul 20)
Patrick,

I'll try to keep this as vendor neutral as I can - it's tricky, since I make technology in this space :-)

Nipper and other comparable products wouldn't technically qualify as "expert systems". They are rule engines - think
more like a spell checker than a style checker. Such products are usually turning up issues per device - much the same
way you can spell check multiple documents at once.

You asked about...

Re: nipper studio experiences? Dotzero (Jul 20)
This looks like it is the commercial version of
http://sourceforge.net/projects/nipper/. Ian Whiting is behind both of
them.

nipper studio experiences? Darden, Patrick (Jul 17)
http://www.titania.com/nipperstudio

Our audit folks are talking about this. Anyone have any experience with it - good or bad? Is it effective? I am
guessing it is an expert system that simply looks for certain conf details or juxtapositions? Does it do it between
devices? Do you have to feed it a network map? Does it take a lot of hand-holding, configuration, setup?

Thanks,
--p

Re: Why Firewalls Are Uninteresting? Darden, Patrick (Jul 02)
Part One of the Red book (Trusted Network Interpretation):
http://csrc.nist.gov/publications/secpubs/rainbow/tg005.txt

--Patrick Darden

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Árpád Magosányi
Sent: Tuesday, July 01, 2014 1:03 AM
To: firewall-wizards () listserv cybertrust com
Subject: [EXTERNAL][fw-wiz] Why Firewalls Are...

Why Firewalls Are Uninteresting? Árpád Magosányi (Jul 02)
Okay, here is my 5 cents for popcorn :)

One of the core tasks of network perimeter defence is to keep the
structure of the network - hence the application architecture - in
shape, and provide information flow control on the macroarchitecture
level. This is what the Red Book is about, and the Red Book is the most
thoroughly forgotten piece of knowledge in IT security if not in IT as a
whole.

If you take a look at the Red Book - I mean the...

Re: Quiet Timothy Shea (Jun 30)
Meh. Is this the year of IPv6? Or was that last year? Or next year? I'm
sure it will come up in some meeting and we will table it to next year.
But I'm sure someone here will spend a lot of text here to inform me that I
must absolutely convert now even though it provides no value to our
business nor are we seeing any demand (even in our Asian markets).

Meh. For office perimeter protection - most vendors that offer "firewall
as...

Re: Quiet David Hills (Jun 30)
Okay, I'll bite.

You mean you aren't doing this yet? You're still using Windows XP and Fax
as well, right?

Platforms like the XBox One are already using IPv6 almost exclusively for
P2P communications. Even my 3 year old printer which barely does WiFi
reached out for DHCPv6 and gave itself an IP address when V6 was turned on
at home.

I always use Cloud firewalls to protect my cloud assets. Otherwise those
cloud bad actors might...

Re: Quiet Tracy Reed (Jun 23)
On Mon, Jun 23, 2014 at 10:16:52AM PDT, Paul D. Robertson spake thusly:

It's a good thing. I can't wait to see NAT die.

I wish people would stop saying "cloud" and start saying what they actually
mean.

Too often they are used to enumerate badness instead of whitelist goodness.

Re: Quiet Darden, Patrick (Jun 23)
1. Have any of you used the IPv6 IPSEC equivalent yet? Tunnel or transport mode? Vendor hardware? Difficulties?

2. I've pondered a cloud based service for web acceleration/filtering. Perhaps it would use Riverbeds for bandwidth
optimization via compression, dedupe, etc....? Anything like that out there?

3. If it doesn't do WAP, then it's an old fashioned firewall--and quite possibly obsolete. These days, the firewall...

Quiet Paul D. Robertson (Jun 23)
It's quiet here - I'd like to stir up some discussion...

Thoughts on IPv6?
Thoughts on "Cloud Firewalls?"
Thoughts on Web Application Firewalls?

Paul
