Firewall Wizards Mailing List

Tips and tricks for firewall administrators


Latest Posts

Re: Message Labs A (Nov 17)
Yeah, it's if you are using their mail-filtering service, for them to
be able to send you mail you have to allow the ip ranges.

Most people will lock down the router to only accept email from the
hosted security provider.. to reduce spam.

Aaron

\ /
Putting the F in BOFH!

2009/11/11 Brian Loe <knobdy () gmail com>:

Re: port scanning activity going up recently? Nate Itkin (Nov 17)
Overall illicit activity looks to be down slightly.
see: http://www.dshield.org/submissions.html (select sources, targets,
and reports for 2009)

Cheers,
Nate Itkin

Re: Message Labs shane brennan (Nov 17)
Hi

We use it in work. Haven't received any notification like that.

Shane

Re: Network design change sai (Nov 15)
Not good from a security point of view.

I would prefer to connect the routers at the internet cloud level, not the
DMZ level. I'd have the 2 core switches connected as you have.

2 reasons:
[1] gives me redundant internet connectivity in case one of the ISPs goes
down (assuming multiple ISPs and routing that can handle one link going
down)
[2] the DMZs should be separate. The more segments you have the better.
Connecting the 2 at switch level...

Re: Network design change pkc_mls (Nov 15)
shadow floating wrote:

If it's possible, I'd rather use a link between both firewalls
to connect the DMZ.

If you connect the DMZ switches directly, and if someone can get access
to your DMZ, he will get access to the other one as well, as there won't
be any filtering between the DMZs.

Do the DMZs share the same network addresses?

If not, just use an unused interface on each fw, connect both via a
link, then create some routes to allow...

Re: secure firewall rule management program Lan Li (Nov 15)
Athena Security also provides a cleanup tool/basic ops tool. Works with
Cisco, Check Point and Netscreen firewalls. Available for eval download at
http://www.athenasecurity.net/firepac_trial.html

Lan Li

-----Original Message-----

From: firewall-wizards-bounces () listserv icsalabs com

[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Marcin
Antkiewicz

Sent: Thursday, November 05, 2009 10:52 PM

To: Firewall Wizards...

Re: OT, sorta: Breaking pipes? Kurt Buff (Nov 15)
We don't use perl/cgi here, but the example is instructive.

The issue at hand is for web browsing by clients - the newish manager
believes that it's just too annoying to add exceptions for the
misbehaving web sites. Of course, it's not just the pipe character.
It's also the other unsafe/unwise characters, and the URLs that are
longer than 1024 characters, etc.

At some point we may be hosting a web site locally, but that hasn't happened.

This...

Message Labs Brian Loe (Nov 15)
Anyone here using Message Labs? Have you received notice that you MUST
open up your firewall for 8 or so networks?

port scanning activity going up recently? Ken Fox (Nov 15)
Hi all -

Has anyone else noticed a recent spike in port scan activity over the last
few days?

I've been seeing some interesting traffic where multiple source addresses
are probing a number of the same high order destination ports from a small
set of source ports with a number of different but specific packet sizes.

e.g.: source port 3268 -> dest port 50572 packet size 48, 60, 64, and 52
e.g.: source port 3268...

Re: Network design change shadow floating (Nov 10)
Hi All,
My company has two sites in 2 different locations that are
connected via a high speed link at the core layer (I've attached a
link to the diagram:
http://img18.imageshack.us/img18/77/questionhk.jpg for ease of
explanation).
In each site I have 1 DMZ. The network team wants to connect the DMZ
switches in both sites for better performance and "security" - the
link under investigation is shown in red in the picture - via...

Re: secure firewall rule management program Marcin Antkiewicz (Nov 10)
Hi Morty,

we are looking at the same, but we are looking for a cleanup/basic ops support
tool right now.

Would you mind sharing the dealbreaking requirements? I am wondering now
what, if anything, we have missed.

Re: OT, sorta: Breaking pipes? Chris Myers (Nov 10)
Do you use Perl at all with CGI scripts? If so, this is just an
example of what might be done with anything written with custom
scripts. In this case, it is a specific vendor, but it could happen to
anyone who does not code diligently.

http://www.kb.cert.org/vuls/id/496064

Thank You,

Chris Myers
clmmacunix () charter net

John 1:17
For the Law was given through Moses; grace and truth were realized
through Jesus Christ.

Go Vols!!!!

Re: secure firewall rule management program Morty Abzug (Nov 05)
Thanks! We're looking both at Tufin (mentioned by Rainer Ginsberg)
and at Algosec (mentioned by one of our managers and by Rainer). The
current versions of both products fail to meet several of our
dealbreaking requirements. Both products are relatively new. We're
hopeful that a future version of one or both products will be what we
want.

- Morty

Re: secure firewall rule management program Matthias Leu (Nov 05)
Hi Morty,
have you had a look at Tufin SecureTrack and SecureChange Workflow?
It's not free, but quite good and I think your requirements are fulfilled.

It runs on Linux and is written by security professionals.
SecureTrack is connected to Check Point SmartCenter or MDS/CMA via
OPSEC, other vendors are supported too (e.g. Juniper, Cisco,
Fortinet,...).
Each 'save' gives a new revision, no 'install' necessary. So reports,
and above all, alerts...

OT, sorta: Breaking pipes? Kurt Buff (Nov 05)
All,

At $WORK I admin a nice Sidewinder. Works well. I like it, though I'm
not as fully trained on it as I'd like to be.

However, I'm seeing more complaints from end-users who are
encountering web sites that issue URLs with the pipe/vertical bar -
"|" - character embedded in them. The Sidewinder proxy denies it, as
is proper. The latest occurrence is a really stupid State government
web site that actually puts the pipe character at...
