"On the Firewall" is a online journal on the subject of network Firewalls and all things Internet security.
December 24, 2005
PIX Firewall Documentation
This is a link to all PIX Firewall documentation from version 2.7 through 7.0.
December 19, 2005
Happy Holidays
If you have a moment (and are looking for a laugh) please take a look at my personal online holiday greeting to everyone in the IT business.
As the year draws to a close I have a lot to be thankful for. I find it's a good time to think about those who are less fortunate. If you can spare some money (it doesn't have to be much) these folks could sure use all of our help.
Happy holidays!
As the year draws to a close I have a lot to be thankful for. I find it's a good time to think about those who are less fortunate. If you can spare some money (it doesn't have to be much) these folks could sure use all of our help.
Happy holidays!
December 15, 2005
Common Vulnerabilities and Exposures - CVE
The list of Common Vulnerabilities and Exposures or CVE creates a list of standardized names for vulnerabilities and other information security exposures. The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools. In the past if a vulnerability was discovered on one platform, say Windows and then also found in Linux it might have a different name or title while essentially being the same issue. This highlights a problem in the use of the word "vulnerability" in the security world today.
To many It professionals a "vulnerability" refers to any fact about a computer system that is a security concern in their network environment. The CVE web site cites the TCP/IP finger protocol as an example. Since the finger service reveals user information, many network operators put in place security policies that disallow finger from being run on some systems. That makes sense at the edge where finger service might be exploited, but there might be real uses for finger in other parts of the network. But because of the issue at the edge finger would be considered a "vulnerability" and described as such in that networks security policy.
Rather than referring to this as a vulnerability even though given different use cases different use cases this may not be considered to be vulnerabilities by everyone. So CVE introduces the term "exposure" to allow a service to be identified as potentially creating a security issue without necessarily being a problem.
CVE defines vulnerabilities and exposures like this:
To many It professionals a "vulnerability" refers to any fact about a computer system that is a security concern in their network environment. The CVE web site cites the TCP/IP finger protocol as an example. Since the finger service reveals user information, many network operators put in place security policies that disallow finger from being run on some systems. That makes sense at the edge where finger service might be exploited, but there might be real uses for finger in other parts of the network. But because of the issue at the edge finger would be considered a "vulnerability" and described as such in that networks security policy.
Rather than referring to this as a vulnerability even though given different use cases different use cases this may not be considered to be vulnerabilities by everyone. So CVE introduces the term "exposure" to allow a service to be identified as potentially creating a security issue without necessarily being a problem.
CVE defines vulnerabilities and exposures like this:
A universal vulnerability is a state in a computing system (or set of systems) which either:
- allows an attacker to execute commands as another user
- allows an attacker to access data that is contrary to the specified access restrictions for that data
- allows an attacker to pose as another entity
- allows an attacker to conduct a denial of service
- allows an attacker to conduct information gathering activities
- allows an attacker to hide activities
- includes a capability that behaves as expected, but can be easily compromised
- is a primary point of entry that an attacker may attempt to use to gain access to the system or data
- is considered a problem according to some reasonable security policy
December 12, 2005
Inexpensive Cisco Network Log Analysis
I saw a reference to an article titled Inexpensive Cisco Network Log Analysis by Mark Lachniet over at LinuxSecurity.com this morning. The log analysis article is well written and describes setting up Kiwi Syslog, configuring a PIX Firewall for syslog; and then configuring Sawmill log analyzer to provide reports based on the logged data.
Reading through the article the PIX configuration had one issue: the author omitted the "logging on" command that enables the logging process on the PIX.
If you are thinking of running Kiwi and the Sawmill analyzer I'd suggest starting out with a PIX Firewall that is at the same location as the syslog server. The PIX can generate quite a lot of log data and I'd suggest learning what your PIX will log given your network, users, and applications before trying to setup logging from a remote location.
Reading through the article the PIX configuration had one issue: the author omitted the "logging on" command that enables the logging process on the PIX.
If you are thinking of running Kiwi and the Sawmill analyzer I'd suggest starting out with a PIX Firewall that is at the same location as the syslog server. The PIX can generate quite a lot of log data and I'd suggest learning what your PIX will log given your network, users, and applications before trying to setup logging from a remote location.
December 01, 2005
How to configure your PIX Firewall for SSH
This (or click on the title above) is a paper I wrote on how to configure the PIX for SSH. It's really very easy to do.
What Model & Version of Linksys Hardware?
Subscribe to:
Posts (Atom)