tag:blogger.com,1999:blog-77700702024-11-17T17:05:46.649-05:00"On the Firewall" is a online journal on the subject of network Firewalls and all things Internet security. Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.comBlogger65125tag:blogger.com,1999:blog-7770070.post-50419034216690412342023-02-11T10:00:00.000-05:002023-02-11T10:29:22.852-05:00

While firewalls remain an important network defensive tool, commercial firewall vendors have gone in seemingly different directions when it coems to managing firewalls.  It's important that people entering the security field have a good grasp of generic firewall capabilities.  A good way of learning about firewalls is using iptables available on almost every Linux distro.  A tool

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-14445111776875908512023-01-21T10:30:00.002-05:002023-02-11T13:58:11.681-05:00

Many or most open source and commercial firewall have some basic rules that are configured when the product is first installed.  These rules are defined in an access control list (ACL).  One such rule is based on concept of the Implicit Deny.  Implicit Deny means that the default answer to whether a communication is allowed to transit the firewall is always No or Deny.  An

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-69900940992763786002022-12-17T10:00:00.000-05:002023-02-11T11:01:12.165-05:00

Firewalls are a tool used to provide critical protection for systems and information. Operating according to a set of configured security rules, firewalls monitor and manage the traffic flowing into and out of your network. It is important to understand the differences between stateful versus stateless firewall technology to ensure that those systems and information is protected.There are

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-84588611266972117872022-11-12T10:00:00.001-05:002023-02-11T13:57:33.517-05:00

A firewall state table builds and stores information about active connections that have been permitted by firewall rules.  Entries in the table define each connection based on:IP addresses for connection. Protocol - TCP, UDP, and ICMP protocols.Port numbers - Services using numbered ports.  Port numbers range from 0–65535.Process ID (PID) -Unique identifiers for the host process

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-16245165896875667682022-10-22T10:30:00.001-04:002023-02-13T00:48:23.160-05:00

In many security courses that cover firewalls; the concept of a stateless is often barely discussed.  Most open source and commercially available firewalls are stateful and many add additional features in addition to the firewall leading them to be called 'next generation' firewalls. Stateless firewalls cannot determine the complete pattern of incoming data packets but does inspect each

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-32757153659463727342020-07-12T12:15:00.001-04:002020-07-12T12:15:37.246-04:00

The Transport layer Security or TLS 'fingerprint' is based on how your computer negotiates a TLS connection to a server. The JA3 algorithm is one of several that perform 'TLS snooping' in that they use data passed between a client computer and a server to identify the client. As long as your computer (operating system, web browser, and browser extensions) doesn't change; that fingerprint will be

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-33684887593833585932020-05-09T11:55:00.002-04:002020-07-12T12:49:07.363-04:00

What's the FAR and FRR of the biometric system you are considering? What's the CER?FAR = False Acceptance Rate or when someone who is not an authorized user is granted access.FRR = False Reject Rate or when a authorized user is rejected.The CER = Crossover Error Rate which is the point at which the FAR and FRR meet.You want your FAR and FRR to both be very low. If your FAR was 1 time in every 100

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-13308711749532248062020-04-25T15:00:00.003-04:002020-07-12T12:10:01.373-04:00

A student asked me about how to get more familiar with Linux if they have a Windows PC?  I suggest looking at Oracle VirtualBox for virtualization. It's available for free.  It runs on almost any hardware.  It runs several distros of Linux (that I have used it for) very well. Linux distributions (distros) to look at.  Ubuntu.  I suggest looking at desktop first

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-12308101255985701102014-01-19T09:38:00.002-05:002014-01-19T09:39:57.028-05:00

On my ASA in the office I use Cisco ASDM (Adaptive Security Device Manager) on an ASA 5500 to implement a screening policy for my office network. An ASDM Connection table When I check ASDM and the ASA I always look at the connection table. That tells me what traffic is being permitted through the firewall.  In the screen capture above I looked at the destination IP addresses

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1204322519584225732009-02-18T08:33:00.007-05:002009-02-18T08:55:48.505-05:00

Many outlets (Reuters, PC World, TweakTown, etc,...) are reporting that Trend is going to e developing and selling Security as a Service (SECaaS?) via it's ProtectLink Protect Gateway offering. I found the best description of the offer at the Cisco site. With this new software on your Internet router Trend will be able to push updates whenever they become available. Is this a great thing? In

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-82986271638065723532008-08-18T07:18:00.000-04:002008-08-18T10:21:28.845-04:00

News out of DefCon earlier this month that Telnet is still the most wide open port that Fyodor and the folks at the NMAP Project found when scanning the Internet. The rest of the list shouldn't be a big surprise: HTTP, HTTPS, and SSH.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com1tag:blogger.com,1999:blog-7770070.post-28313479275572024382008-08-08T11:25:00.000-04:002008-08-08T11:36:20.082-04:00

If you have requirements to convert Linux Firewall rules over to the PIX, ASA, or IOS you probably want to look at the SourceForge (open source) project Firewall Builder. From the project summary "Object-oriented GUI and set of compilers for various firewall platforms. Currently implemented compilers for iptables, ipfilter, OpenBSD pf, ipfw, Cisco PIX firewall and routers access lists.". At the

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-62304754039988607892008-08-06T18:51:00.000-04:002008-08-06T18:56:47.954-04:00

It's Wednesday evening here in New York and so far the news from the Black Hat conference in Las Vegas has been... well, quiet. TGDaily said this and CNet puts it all in a portal here.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-32651747296870154302008-08-05T11:15:00.002-04:002008-08-05T11:30:03.637-04:00

OK. Here is a really good post from Firewall-Wizards mail list.The question: I'm having some issues with FTP traffic through our Cisco PIX 515E.Our corporate FTP server is located outside the firewall, and we recently upgraded the FTP server software. This resulted a noticeable increase in the speed uploading files to the server (5 MB/s+). However when attempts were made to download files from

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-25131482551218001112008-08-04T16:56:00.002-04:002008-08-04T17:41:58.497-04:00

As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013. Follow this link to the announcement on the Cisco web site.For a Q&A regarding the End of Sale see: http

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-16690396496832513482007-12-22T10:32:00.000-05:002007-12-22T10:37:57.376-05:00

I've been quiet for several months now. I have actually been writing but not posting. The big reason for the silence is that I've been slowly converting my own Firewall from a PIX 501 over to an ASA 5505. While that may not seem much of a leap to many readers I decided to look at the transition from several points of view; converting from the 501 automagically and starting from scratch. I

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-47075206344414055542007-05-28T15:52:00.000-04:002007-05-28T15:56:06.366-04:00

The Eyeball Firewall product has apparently implemeted STUN and ICE. They have a good explanation of the technology here.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-28336188278773980062007-05-23T22:04:00.000-04:002007-05-23T22:11:48.152-04:00

If you have been to the RSA conference over the past couple of years you may have heard of a speaker named Andrew Jaquith from the Yankee Group (and prior to that one of the founders at security firm @stake). Andrew did a great presentation back at RSA 2005 that was about security vendors claims. It was a great presentation (luckily my company was not included). Andrew has been busy working on

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-54223238773233600792007-05-22T12:02:00.000-04:002007-05-22T11:00:36.197-04:00

The folks over at Google just launched an online security blog."Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-91839376164991891772007-05-22T08:55:00.000-04:002007-05-22T09:02:26.735-04:00

From XBox help and support: Xbox 360: Firewall ports that you must open when you connect an Xbox 360 console to a Windows Media Center-based computer. These rules are applied on a local (home) router between the XBox and the PC.A separate article on Firewall rules that need to be modifed on the Windows Media PC itself (assumes ICF or otehr PC based Firewall).

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-63500424229810028322007-05-20T18:21:00.000-04:002007-05-20T18:51:45.976-04:00

See RFC 4890 titled "Recommendations for Filtering ICMPv6 Messages in Firewalls".

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.comtag:blogger.com,1999:blog-7770070.post-1164465012490227112006-11-25T09:14:00.000-05:002006-11-25T09:39:57.010-05:00

I saw this interesting post this moring (courtesy of digg). It seems that a group (the majority of) Canadian ISPs have agreed to implement a "Clean Feed" type content filtering solution that would inspect and filter traffic coming to and from their customers. The objective of the Canadian project seems to to be completely legit; in that these ISPs are tyring to protect their customers from

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1164465120281036762006-11-10T08:00:00.000-05:002006-11-25T09:32:00.890-05:00

It has been and will be quiet here for a little while while my body undergoes some surgically assisted repairs.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1159472086624397082006-09-28T06:34:00.000-04:002006-09-28T15:34:46.963-04:00

Browsing the security news the other day I noticed that Thinking Stone, the commercial company behind the other wise open source web application Firewall modsecurity has been acquired (by Breach Security) .If I got it right this guy (Ivan Ristic) has created just about the perfect answer to the "how do I defend my web servers" problem. modescurity is a "intrusion detection and prevention"

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1156686429331854472006-08-27T09:26:00.000-04:002006-08-27T09:52:22.100-04:00

Earlier this week Cisco posted a security advisory regarding a vulnerability in the PIX Firewall. The short of it is that if you store passwords locally and change the configuration there is a chance that the passwords will not be written to flash memory correctly. The outcome is that you will be locked out of your PIX.The vulnerability affects all PIX running version v7 code [up to and

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0