Firewall Wizards

Re: Message Labs

Tue, 17 Nov 2009 18:46:39 GMT

Posted by A on Nov 17

Yeah, its if you are using their mail-filtering service, for them to
be able to send you mail you have to allow the ip ranges.

Most people will lock down the router to only accept email from the
hosted security provider.. to reduce spam.

Aaron

\ /
Putting the F in BOFH!

2009/11/11 Brian Loe <knobdy () gmail com>:

Re: port scanning activity going up recently?

Tue, 17 Nov 2009 18:45:35 GMT

Posted by Nate Itkin on Nov 17

Overall illicit activity looks to be down slightly.
see: http://www.dshield.org/submissions.html (select sources, targets,
and reports for 2009)

Cheers,
Nate Itkin

Re: Message Labs

Tue, 17 Nov 2009 18:44:18 GMT

Posted by shane brennan on Nov 17

Hi

We use it in work. havent received any notification like that

Shane

Re: Network design change

Sun, 15 Nov 2009 14:21:08 GMT

Posted by sai on Nov 15

not good from a security point of view.

I would prefer to connect the routers, at the internet cloud level not the
DMZ level. I'd have the 2 core switches connected as you have.

2 reasons:
[1] gives me redundant internet connectivity in case one of the isps goes
down (assuming multiple isps and routing that can handle one link going
down)
[2] the DMZs should be separate. the more segments you have the better.
connecting the 2 at switch level...

Re: Network design change

Sun, 15 Nov 2009 14:20:02 GMT

Posted by pkc_mls on Nov 15

shadow floating a écrit :

If it's possible, I'd rather use a link between both firewalls
to connect the DMZ.

If you connect directly the dmz switches, and if someone can get access
to your dmz, he will get access to the other one as well, as there won't
be any filtering between the DMZs.

do the DMZ share the same network addresses ?

if not, just use an unused interface on each fw, connect both via a
link, then create some routes to allow...

Re: secure firewall rule management program

Sun, 15 Nov 2009 14:18:47 GMT

Posted by Lan Li on Nov 15

Athena Security also provides a cleanup tool/basic ops tool. Works with
Cisco, Check Point and Netscreen firewalls. Available for eval download at
http://www.athenasecurity.net/firepac_trial.html

Lan Li

-----Original Message-----

From: firewall-wizards-bounces () listserv icsalabs com

[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Marcin
Antkiewicz

Sent: Thursday, November 05, 2009 10:52 PM

To: Firewall Wizards...

Re: OT, sorta: Breaking pipes?

Sun, 15 Nov 2009 14:17:37 GMT

Posted by Kurt Buff on Nov 15

We don't use perl/cgi here, but the example is instructive.

This issue at hand is for web browsing by clients - the newish manager
believes that it's just too annoying to add exceptions for the
misbehaving web sites. Of course, it's not just the pipe character.
It's also the other unsafe/unwise characters, and the URLs that are
longer than 1024 characters, etc.

At some point we may be hosting a web site locally, but that hasn't happened.

This...

Message Labs

Sun, 15 Nov 2009 14:16:28 GMT

Posted by Brian Loe on Nov 15

Anyone here using message labs? Have you received notice that you MUST
open up your firewall for 8 or so networks?

port scanning activity going up recently?

Sun, 15 Nov 2009 14:15:09 GMT

Posted by Ken Fox on Nov 15

Hi all -

Has anyone else noticed a recent spike in port scan activity over the last
few days?

I've been seeing some interesting traffic where multiple source addresses
are probing a number of the same high order destination ports from a small
set of source ports with a number of different but specific packet sizes.

e.g.: source port 3268 -> dest port 50572 packet size 48, 60, 64, and 52
egg: source port 3268...

Re: Network design change

Tue, 10 Nov 2009 19:56:57 GMT

Posted by shadow floating on Nov 10

Hi All,
My company has two sites in to 2 different locations that are
connected via high speed link at the core layer ( I've attached a
link to the diagram :
http://img18.imageshack.us/img18/77/questionhk.jpg for ease of
explanation)
in each site I've 1 DMZ , the network team wants to connect the DMZ
switches in both sites for better performance and "security" - the
link under investigation is shown in red in the picture - via...

Re: secure firewall rule management program

Tue, 10 Nov 2009 19:55:39 GMT

Posted by Marcin Antkiewicz on Nov 10

Hi Morty,

we are looking at the same, but we are looking for a cleanup/basic ops support
tool right now.

Would you mind sharing the dealbreaking requirements? I am wondering now
what, if anything we have missed.

Re: OT, sorta: Breaking pipes?

Tue, 10 Nov 2009 19:54:07 GMT

Posted by Chris Myers on Nov 10

Do you use Perl at all with CGI scripts? If so, this is just an
example of what might be done with anything written with custom
scripts. In this case, it is a specific vendor, but it could happen to
anyone who does not code diligently.

http://www.kb.cert.org/vuls/id/496064

Thank You,

Chris Myers
clmmacunix () charter net

John 1:17
For the Law was given through Moses; grace and truth were realized
through Jesus Christ.

Go Vols!!!!

Re: secure firewall rule management program

Thu, 05 Nov 2009 22:57:53 GMT

Posted by Morty Abzug on Nov 05

Thanks! We're looking both at Tufin (mentioned by Rainer Ginsberg)
and at Algosec (mentioned by one of our managers and by Rainer). The
current versions of both products fail to meet several of our
dealbreaking requirements. Both products are relatively new. We're
hopeful that a future version of one or both products will be what we
want.

- Morty

Re: secure firewall rule management program

Thu, 05 Nov 2009 22:56:50 GMT

Posted by Matthias Leu on Nov 05

Hi Morty,
have you had a look at Tufin SecureTrack and SecureChange Workflow?
It's not free, but quite good and I think your requirements are fulfilled.

It runs on Linux and is written by security professionals.
SecureTrack is connected to Check Point SmartCenter or MDS/CMA via
OPSEC, other vendors are supported too (e.g. Juniper, Cisco,
Fortinet,...).
Each 'save' gives a new revision, no 'install' necessary. So reports,
and above all, alerts...

OT, sorta: Breaking pipes?

Thu, 05 Nov 2009 22:55:33 GMT

Posted by Kurt Buff on Nov 05

All,

At $WORK I admin a nice Sidewinder. Works well. I like it, though I'm
not as fully trained on it as I'd like to be.

However, I'm seeing more complaints from end-users who are
encountering web sites that issue URLs with the pipe/vertical bar -
"|" - character embedded in them. The Sidewinder proxy denies it, as
is proper. The latest occurrence is a really stupid State government
web site that actually puts the pipe character at...