tag:blogger.com,1999:blog-77700702011-12-14T21:54:53.870-05:00"On the Firewall" is a online journal on the subject of network Firewalls and Internet security. Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.comBlogger561100tag:blogger.com,1999:blog-7770070.post-1204322519584225732009-02-18T08:33:00.007-05:002009-02-18T08:55:48.505-05:00

Many outlets (Reuters, PC World, TweakTown, etc,...) are reporting that Trend is going to e developing and selling Security as a Service (SECaaS?) via it's ProtectLink Protect Gateway offering. I found the best description of the offer at the Cisco site. With this new software on your Internet router Trend will be able to push updates whenever they become available. Is this a great thing? In

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-82986271638065723532008-08-18T07:18:00.000-04:002008-08-18T10:21:28.845-04:00

News out of DefCon earlier this month that Telnet is still the most wide open port that Fyodor and the folks at the NMAP Project found when scanning the Internet. The rest of the list shouldn't be a big surprise: HTTP, HTTPS, and SSH.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com1tag:blogger.com,1999:blog-7770070.post-28313479275572024382008-08-08T11:25:00.000-04:002008-08-08T11:36:20.082-04:00

If you have requirements to convert Linux Firewall rules over to the PIX, ASA, or IOS you probably want to look at the SourceForge (open source) project Firewall Builder. From the project summary "Object-oriented GUI and set of compilers for various firewall platforms. Currently implemented compilers for iptables, ipfilter, OpenBSD pf, ipfw, Cisco PIX firewall and routers access lists.". At the

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-62304754039988607892008-08-06T18:51:00.000-04:002008-08-06T18:56:47.954-04:00

It's Wednesday evening here in New York and so far the news from the Black Hat conference in Las Vegas has been... well, quiet. TGDaily said this and CNet puts it all in a portal here.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-32651747296870154302008-08-05T11:15:00.002-04:002008-08-05T11:30:03.637-04:00

OK. Here is a really good post from Firewall-Wizards mail list.The question: I'm having some issues with FTP traffic through our Cisco PIX 515E.Our corporate FTP server is located outside the firewall, and we recently upgraded the FTP server software. This resulted a noticeable increase in the speed uploading files to the server (5 MB/s+). However when attempts were made to download files from

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-25131482551218001112008-08-04T16:56:00.002-04:002008-08-04T17:41:58.497-04:00

As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013. Follow this link to the announcement on the Cisco web site.For a Q&A regarding the End of Sale see: http

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-16690396496832513482007-12-22T10:32:00.000-05:002007-12-22T10:37:57.376-05:00

I've been quiet for several months now. I have actually been writing but not posting. The big reason for the silence is that I've been slowly converting my own Firewall from a PIX 501 over to an ASA 5505. While that may not seem much of a leap to many readers I decided to look at the transition from several points of view; converting from the 501 automagically and starting from scratch. I

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-47075206344414055542007-05-28T15:52:00.000-04:002007-05-28T15:56:06.366-04:00

The Eyeball Firewall product has apparently implemeted STUN and ICE. They have a good explanation of the technology here.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-28336188278773980062007-05-23T22:04:00.000-04:002007-05-23T22:11:48.152-04:00

If you have been to the RSA conference over the past couple of years you may have heard of a speaker named Andrew Jaquith from the Yankee Group (and prior to that one of the founders at security firm @stake). Andrew did a great presentation back at RSA 2005 that was about security vendors claims. It was a great presentation (luckily my company was not included). Andrew has been busy working on

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-54223238773233600792007-05-22T12:02:00.000-04:002007-05-22T11:00:36.197-04:00

The folks over at Google just launched an online security blog."Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-91839376164991891772007-05-22T08:55:00.000-04:002007-05-22T09:02:26.735-04:00

From XBox help and support: Xbox 360: Firewall ports that you must open when you connect an Xbox 360 console to a Windows Media Center-based computer. These rules are applied on a local (home) router between the XBox and the PC.A separate article on Firewall rules that need to be modifed on the Windows Media PC itself (assumes ICF or otehr PC based Firewall).

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-63500424229810028322007-05-20T18:21:00.000-04:002007-05-20T18:51:45.976-04:00

See RFC 4890 titled "Recommendations for Filtering ICMPv6 Messages in Firewalls".

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.comtag:blogger.com,1999:blog-7770070.post-1164465012490227112006-11-25T09:14:00.000-05:002006-11-25T09:39:57.010-05:00

I saw this interesting post this moring (courtesy of digg). It seems that a group (the majority of) Canadian ISPs have agreed to implement a "Clean Feed" type content filtering solution that would inspect and filter traffic coming to and from their customers. The objective of the Canadian project seems to to be completely legit; in that these ISPs are tyring to protect their customers from

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1164465120281036762006-11-10T08:00:00.000-05:002006-11-25T09:32:00.890-05:00

It has been and will be quiet here for a little while while my body undergoes some surgically assisted repairs.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1159472086624397082006-09-28T06:34:00.000-04:002006-09-28T15:34:46.963-04:00

Browsing the security news the other day I noticed that Thinking Stone, the commercial company behind the other wise open source web application Firewall modsecurity has been acquired (by Breach Security) .If I got it right this guy (Ivan Ristic) has created just about the perfect answer to the "how do I defend my web servers" problem. modescurity is a "intrusion detection and prevention"

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1156686429331854472006-08-27T09:26:00.000-04:002006-08-27T09:52:22.100-04:00

Earlier this week Cisco posted a security advisory regarding a vulnerability in the PIX Firewall. The short of it is that if you store passwords locally and change the configuration there is a chance that the passwords will not be written to flash memory correctly. The outcome is that you will be locked out of your PIX.The vulnerability affects all PIX running version v7 code [up to and

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1154827905138732212006-08-05T21:28:00.000-04:002006-08-05T21:54:42.356-04:00

I saw this list of TCP and UDP port numbers (from Wikipedia) up on digg this afternoon. Good stuff with good references.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1154401119261474032006-07-31T22:55:00.000-04:002006-07-31T22:58:40.926-04:00

Just when I was starting to think that there was nothing good on digg anymore I came across this post about "How to Bypass Firewall Restrictions A.K.A. The Surf At Work Page". This is great stuff. The point of this paper is to explain the use of encrypted tunneling as a means of getting through a Firewall or filtered environment. The paper was originally written in 2002 and last updated in March

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1152058603676043482006-07-04T20:16:00.000-04:002006-07-04T21:54:59.610-04:00

CNet dot com reports that a group of computer experts have broken the Firewalls used by the Chinese government to restrict IP traffic going in and out of the country. Interestingly enough the attack is launched from the outside. To their additional credit the team from the University of Cambridge reported their findings to the Chinese Computer Emergency Response Team.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1147277923980385732006-05-10T08:06:00.000-04:002006-05-10T12:18:44.430-04:00

If you haven't looked at "HowtoForge" it's a neat site that's valuable to bookmark and check regularly.There is a good article up there titled "How To Test Your Linux-Distro Firewall", that gives a brief introduction to FTester. FTest is a security policy enforcement point (think Firewall or IDS) testing tool based on a couple of Perl scripts.Anybody out there in the world that has been

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1147275358908697402006-05-10T07:29:00.000-04:002006-05-10T19:22:26.093-04:00

ICE = Interactive Connectivity Establishment"The Interactive Connectivity Establishment (ICE) draft, developed by the IETF's MMUSIC working group, provides a framework to unify the various NAT traversal techniques. This enables SIP-based VoIP clients to successful traverse the variety of firewalls that may exist between a remote user and a network."The above is from a good intro article that

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1147095769241815702006-05-08T08:05:00.000-04:002006-05-08T09:42:57.176-04:00

ZDNet has an article on a new Yankee Group report out today that says Microsoft's new Vista operating system will have improved security capabilities and "significantly shrink" the market for add-on anti spyware and personal firewall software. "Yankee Group expects Vista to significantly shrink the aftermarket for antispyware and desktop firewalls," analyst Andrew Jaquith wrote in the report. I

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1147096369036899972006-05-05T18:35:00.000-04:002006-05-08T09:53:54.100-04:00

I don't know if anyone else is seeing this but the BlogThis! extension that I frequently use with Firefox seems broken. If you use it and try to port a entry either as a draft or published to your blog you may see the word "null" in the link field. When I see that BlogThis! isn't working and there is no blog entry.I wish I had noticed this sooner. I lost some interesting blog entries over the

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1143236989268448532006-03-24T16:49:00.000-05:002006-03-24T16:49:49.956-05:00

Mike Rothman wrote this article about John Chamber's Keynote @ RSA. I was there and I thought the talk was one of the best I heard or saw but let me be really clear with my disclaimer that John is my boss. Check it out.I was going to post an post RSA article (that I am STILL working on). In short it was agood conference and show. The presentations that I thought would be valuable were not

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1141412906540140352006-03-03T12:15:00.000-05:002006-03-03T14:08:27.036-05:00

This FAQ type tutorial originally appeared up on digg and is more commercial that the previous SSH article I referenced.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1140365597368654012006-02-19T11:12:00.000-05:002006-02-19T11:15:59.293-05:00

1. Change the router password. 2. Update the Linksys router firmware. 3. When using DHCP reduce the number of addresses. 4. Turn off services and pass throughs that you don't use. 5. Turn off SNMP on Linksys 6. Turn off wireless if you are not using it 7. If you are using wireless, change your SSID to some word that you and your family know. 8. If you are using wireless, use wireless security. 9.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1139680806613877782006-02-11T13:00:00.000-05:002006-02-19T11:22:45.020-05:00

Great article with notes and references on getting started with SSH by Kimmo Suominen. He's writing for people that using Linux but explains some of the technology behind SSH making it easier to understand. For more information about SSH see the FAQ. He also covers SCP for file transfers (and mentions my favorite WinSCP)

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1137003800797813372006-01-11T13:30:00.000-05:002006-02-19T11:41:57.796-05:00

In case you didn't know you can run firmware developers by folk's other than Linksys on a Linksys router. Why? The best answer to this question is that these other developers are adding features that Linksys just doesn't have in their firmware. Like what? Most often it's support for advanced crypto (AES cypher) or routing (protocols other than RIP). Here's a link to an article by Eric at

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1136247323417311592006-01-02T19:15:00.000-05:002006-02-19T11:53:32.903-05:00

Something that I think everyone using the Internet should be concerned about is protecting the Domain Name System or DNS. Without DNS this blog, Google, all my other work, and everything else would be a series of IP addresses in dotted decimal notation.While I'm not usually a fan of thinking found on Tech Republic (I have a link to a link sometimes to yet another link to some content problem)

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1134932171320210922005-12-24T13:30:00.000-05:002006-01-05T11:07:06.270-05:00

This is a link to all PIX Firewall documentation from version 2.7 through 7.0.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1135014495803232302005-12-19T12:30:00.000-05:002005-12-19T12:48:16.136-05:00

If you have a moment (and are looking for a laugh) please take a look at my personal online holiday greeting to everyone in the IT business.As the year draws to a close I have a lot to be thankful for. I find it's a good time to think about those who are less fortunate. If you can spare some money (it doesn't have to be much) these folks could sure use all of our help.Happy holidays!

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1134659980965248312005-12-15T07:55:00.000-05:002005-12-15T18:04:45.196-05:00

The list of Common Vulnerabilities and Exposures or CVE creates a list of standardized names for vulnerabilities and other information security exposures. The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools. In the past if a vulnerability was discovered on one platform, say Windows and then also found in Linux it might have a different

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1134407252683245712005-12-12T12:10:00.000-05:002005-12-12T14:12:02.050-05:00

I saw a reference to an article titled Inexpensive Cisco Network Log Analysis by Mark Lachniet over at LinuxSecurity.com this morning. The log analysis article is well written and describes setting up Kiwi Syslog, configuring a PIX Firewall for syslog; and then configuring Sawmill log analyzer to provide reports based on the logged data.Reading through the article the PIX configuration had

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1133469252691428972005-12-01T17:32:00.000-05:002005-12-01T15:39:20.466-05:00

This (or click on the title above) is a paper I wrote on how to configure the PIX for SSH. It's really very easy to do.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1133454038912396342005-12-01T08:01:00.000-05:002005-12-01T11:52:01.506-05:00

If you are trying to upgrade the firmware on your Linksys router and you are not sure which version of the hardware you have make sure to look at the label on the bottom of the router. The version number of the router is right next to the model number.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1133358066837283422005-11-30T08:29:00.000-05:002005-11-30T09:51:29.913-05:00

I think that Konstantin Gavrilenko from Arhont Ltd.- Information Security did an outstanding job of documenting a Cisco PIX TCP Connection Prevention vulnerability. Cisco's response to this vulnerability announcement is here. He has documented what could be termed a resource attack on the PIX; forcing the Firewall to expend unnecessary resources reacting to a scripted packet. This attack could

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1132669920364429462005-11-22T09:00:00.000-05:002005-11-22T09:33:19.016-05:00

The folks over at SANS.org released version 6 of their Top Twenty List of Critical Security Vulnerabilities today. When SANS started publishing their lists I always advised security analysts and in particular Firewall admins to strongly consider these vulnerabilities when creating and maintaining Firewall rules. Some time back the folks that compile the list started breaking out Windows

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1132331878805363562005-11-18T07:30:00.000-05:002005-11-18T11:56:29.916-05:00

I don't know if anyone saw this coming; Black Hat was acquired by CMP Media for about $10 million dollars. I know that when you look at the web site Black Hat lists consulting services available but I had never actually read anything about work they might have done. The Black Hat conference is the premiere annual security event. I think everyone is asking the question will Black Hat be able to

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1130815813687280032005-10-31T22:00:00.000-05:002005-10-31T22:30:13.700-05:00

When setting up a Linksys router; and by that I mean any Linksys router you may notice that by default the setup program turns on DHCP and allows the DHCP server to allocate up to 253 IP addresses. For many folks this number should be in the range of 1 to 3. I have 8 PCs, two network printers, two wireless access points, and a network storage device and I manage to use only 8 IP addresses (OK,

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1130872237036288632005-10-02T13:30:00.000-04:002005-11-01T14:10:59.590-05:00

If you find that you have to reset your Linksys router on a weekly basis you really need to check to make sure that it is running the latest firmware.Using your web browser enter "www.linksys.com". (Note to Linksys) Be patient as sometimes this page takes up to a minute to load even on the fastest broadband connections. Look under the "Support" drop menu and select "Downloads". There you will

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1130816732044907642005-09-28T21:00:00.000-04:002005-11-01T13:15:59.136-05:00

If you ever find yourself locked out of your Linksys router don't worry. Resetting a Linksys router back to it's default factory configuration is easy.#1 - Prepare for the reset by removing any Ethernet connections attached to the router.#2 - Locate the reset button on the back of the router. If you press and release the reset button the router restarts.#3 - Press and hold the reset button while

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1104116623296141582004-12-26T21:42:00.000-05:002004-12-27T12:06:58.020-05:00

Just a few days after the release of the USA Today / Avantgarde study about how long an unprotected PC might survive on a network before experiencing a variety of un-targeted attacks; the folks at the Honeynet Project released the results of a similar study that looks at the "time to live" for various Linux distributions. The study finds that Most Linux PCs are much less vulnerable to attack

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1103033794104888292004-12-14T08:00:00.000-05:002004-12-27T12:08:18.123-05:00

USA Today recently sponsored some testing to determine how long various types of unprotected PCs could survive on the Internet. In at l;east one instance an unprotected PC running Windows XP was broken in to within 4 minutes of being started and attached to the Internet. It should be clear to all that this type of research is valuable in a couple of ways. First off for USA Today it sells lots of

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1101524063745534922004-11-26T21:47:00.000-05:002004-11-26T23:09:10.263-05:00

Robert Scoble of Microsoft writes a great blog that I read regularly. I was catching up this evening and noticed an entry titled "Sticking it to the man Firefox style". One of the things that Rob has learned from Firefox was: "3) Security -- or the perception of having security -- is now a driver. It's why Microsoft is spending so much time on security now.". I can't help wonder if in the

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1101530302250131452004-11-26T17:30:00.000-05:002004-12-26T22:04:35.463-05:00

I'm looking at a number of the log tools available for a couple of different Firewall products. I'm trying to determine how useful these tools are in determining what the Firewall is providing in the way of protection. I'm currently using the Linksys BEFSX41 Firewall / router. The first log tool I decided to look at was included on the Linksys products install CD. Linksys bundles a program

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com1tag:blogger.com,1999:blog-7770070.post-1101332863932635122004-11-24T16:15:00.000-05:002004-11-24T16:47:43.933-05:00

If anyone else out there in the world is using a Linksys BEFW11S4 router (4 ports 10/100 with a 802.11B wireless access point) to connect to the Internet and you notice that it's not working properly take a look at the "power" LED on the front of the device. Apparently this can happen to just about any Linksys router. If that LED is blinking it means that the router was not able to load the

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com8tag:blogger.com,1999:blog-7770070.post-1100978078334849282004-11-20T22:02:00.000-05:002004-11-20T22:51:52.733-05:00

After my previous blog post I received an email from one of the firms that I had described based on reading several articles as developing this new application Firewall test criteria. The message pointed out that there were two factual errors in my previous post. The claimed first error was that this group has posted their criteria. I checked the InfoWorld article that I had based much of my

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1100988557760905552004-11-20T18:00:00.000-05:002004-11-24T16:20:32.323-05:00

This is possibly a future classic... It seems that a Microsoft security technology architect named Fred Baumhardt was ripping "Firewalls" at a technology briefing on the need for next generation Firewalls. "We are all bloody lucky that something hasn't obliterated IT on earth," said Baumhardt. "Firewalls are like retarded routers. They just look at the ports, sources and destinations they like.

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com2tag:blogger.com,1999:blog-7770070.post-1100554332870136532004-11-15T08:30:00.000-05:002004-11-15T16:41:24.560-05:00

InfoWorld has an article about the launch of the Application Security Consortium (no link, see note directly below), a group of application Firewall vendors who want to establish minimum requirements for what can be called an application Firewall. Note: Amazingly the InfoWorld folks linked the Application Security Consortium to a profile for a New York based company, Application Security

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com1tag:blogger.com,1999:blog-7770070.post-1092416214474032142004-08-13T12:46:00.000-04:002004-08-13T12:56:54.473-04:00

CNet News reported yesterday that broadband subscribers attached to various cable providers were experiencing problems with some VoIP calls being blocked. The article points out that some "angry customers" atributed the problem to overzealous cable companies trying to bolster their own VoIP offerings. Reading the rest of the article it's clear that this probably relates back to filters these

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1092332089105333462004-08-12T13:24:00.000-04:002004-11-13T18:09:53.420-05:00

Computer Business Review points out that personal Firewall vendors now have a new competitor in Microsoft. Microsoft Windows XP Service pack 2 ships with a more capable version of the Internet Connection Firewall (ICF). In order to deal with new Microsoft software personal Firewall vendors will have to add the capability to detect the running ICF and turn it off before they install their own

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com2tag:blogger.com,1999:blog-7770070.post-1092284640287182812004-08-09T12:14:00.000-04:002004-08-12T02:35:23.610-04:00

I've been working on a list of the top ten data points to look for in Firewall logs. This is a work in progress. I'm not sure if I've got all the right events listed here or if the order is right. #1 - Authentication Allowed (user from outside allowed in) I ranked this event highly since this is the case were someone from the outside has been allowed in. I think these are most important as

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1091198599407250902004-07-30T08:29:00.000-04:002004-07-30T11:29:08.470-04:00

I was scanning the web looking for interesting content this morning on Firewalls and noticed David Psicitello's web log. Dave is the President of Core Competence which is a data network consulting firm. I first met Dave years ago at the First "The Intenet Security Conference" or TISC that was held in San Jose in the late 1990's(he met a couple of hundred people at that event so I don't count on

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1091158376169937402004-07-29T23:27:00.000-04:002004-07-29T23:32:56.170-04:00

Work on the book proposal is nearing completion. The working title will be "Firewall Fundamentals". I've got the scope of the book, the Firewall market and the competitive portions of the proposal completed. The writing outline is looking great to me. I have a lot of detail in there. I've got some work to do in defining the audience, listing key objectives, and defining the format. I hope

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1091027369985762812004-07-28T10:57:00.000-04:002004-07-28T13:50:16.436-04:00

As I start doing research for my Introduction to Firewalls book I'm looking at some of the information that is out on the Internet that I've always recommended. Two resources that I often suggest are the Firewall FAQ at Interhack and Robert Grahams "What am I seeing" Firewall Forensics FAQ for Firewall logs. The Firewall FAQ does an excellent job or answering most of questions that someone who

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0tag:blogger.com,1999:blog-7770070.post-1090964323859102932004-07-27T17:14:00.000-04:002004-07-27T19:56:21.086-04:00

Based on a conversation I had a couple of weeks ago with one of the acquisition editors at Cisco Press I have decided to pursue a dream and write an introduction to Firewalls book. The funny thing is that about two years ago I contacted Cisco Press (different people then) and asked if they would be interested in a book that introduced readers to Firewall technology. At the time they weren't

Brianhttp://www.blogger.com/profile/04646124564497456836noreply@blogger.com0