May 22, 2007

Google Online Security Blog

The folks over at Google just launched an online security blog.

"Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we'll tackle is malware, which is the subject of our inaugural post."


Home Firewall: Opening ports for XBox to PC communications

From XBox help and support: Xbox 360: Firewall ports that you must open when you connect an Xbox 360 console to a Windows Media Center-based computer. These rules are applied on a local (home) router between the XBox and the PC.

A separate article covers Firewall rules that need to be modified on the Windows Media PC itself (assumes ICF or other PC-based Firewall).

May 20, 2007

Filtering ICMP in IPv6

See RFC 4890 titled "Recommendations for Filtering ICMPv6 Messages in Firewalls".

November 25, 2006

The Great Firewall of Canada?

I saw this interesting post this morning (courtesy of digg). It seems that a group (the majority) of Canadian ISPs have agreed to implement a "Clean Feed" type content filtering solution that would inspect and filter traffic coming to and from their customers. The objective of the Canadian project seems to be completely legit, in that these ISPs are trying to protect their customers from content that the government would otherwise find illegal. The target here as I read it is to filter kiddie porn and other such badness.

Things to look at to learn more about Clean Feeds include cybertip.ca, the Internet Watch Foundation in the UK, and the Censorware Project.

Technical note: This content filtering technology used to be something that could be enabled on a Firewall. I recently learned that security feature images on some routers now (or soon will) have similar capabilities.

November 10, 2006

I'm Down

It has been and will be quiet here for a little while while my body undergoes some surgically assisted repairs.

September 28, 2006

modsecurity & Web Application Firewalls

Browsing the security news the other day I noticed that Thinking Stone, the commercial company behind the otherwise open source web application Firewall modsecurity, has been acquired (by Breach Security).

If I got it right this guy (Ivan Ristic) has created just about the perfect answer to the "how do I defend my web servers" problem. modsecurity is an "intrusion detection and prevention" system for web apps that can easily be deployed (with its own Apache server).

He also has a great answer to yet another problem: how do I check what's going on in an SSL tunnel? Given that modsecurity deploys on Apache, the external clients' SSL sessions terminate on the modsecurity box. Very neat.

I think the only objection one could throw in front of modsecurity is the inevitable "does it scale"? It looks like it has a nice GUI and the web site shows some good reports. Seems like if you deploy this and run into a performance barrier you would need to add additional modsecurity servers; scaling them like additional web servers. It would be interesting to figure out if the management and reporting scales?

August 27, 2006

PIX unintentional Password Mod Vulnerability

Earlier this week Cisco posted a security advisory regarding a vulnerability in the PIX Firewall. The short of it is that if you store passwords locally and change the configuration there is a chance that the passwords will not be written to flash memory correctly. The outcome is that you will be locked out of your PIX.

The vulnerability affects all PIX running version v7 code [up to and including v7.0(5) and v7.1 up to and including v7.1(2.4)]. If you are running v6 PIX OS you are fine. If you are running an ASA appliance you are running v7 code. This also impacts the v3.1(x or any) train of the Firewall Service Module. If you are using RADIUS or TACACS+ and have configured your PIX for remote authentication (usernames and passwords are defined on the AAA or ACS server) it looks like you are OK also.

The data affected is the passwords stored by either the passwd, username, or enable password commands. This data can be corrupted during a crash or if two users are trying to change the configuration using any management console (CLI, ASDM, PDM) at the same time. The trigger is when you save the password (write memory or equivalent). Apparently this bug writes some other, non-random value into flash memory.

So if you were already really smart and using RADIUS or TACACS+ and an ACS server you are OK. Otherwise you may need to plan for some network downtime and to re-read the PIX password recovery procedure.

My take on this is that there is very little room for an attacker to exploit this vulnerability. This is the type of problem that causes the Firewall Admin to hurt themselves by corrupting the locally stored password through normal use or maintenance.
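
A check of the conditions described in this post, written as an added example (not code from Cisco or from this blog): it parses a release string such as 7.1(2.4), compares it with the affected ranges quoted above, and lists the locally stored password commands found in a saved configuration. The `PIX Version ...` header line format, the function names and the sample configuration are assumptions constructed for the example.

```python
import re

# Last affected build per v7 train, as quoted in the post above.
LAST_AFFECTED = {"7.0": (5,), "7.1": (2, 4)}
# Commands the post names as storing passwords locally.
LOCAL_PW_CMDS = ("passwd", "username", "enable password")

def parse_release(text):
    """Split '7.1(2.4)' into the train '7.1' and the build tuple (2, 4)."""
    m = re.fullmatch(r"(\d+\.\d+)\((\d+(?:\.\d+)*)\)", text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))

def version_affected(platform, release):
    """True if the post lists this release as affected."""
    train, build = parse_release(release)
    if platform == "FWSM":
        return train == "3.1"  # the post names the whole 3.1(x) train
    # PIX and ASA: only the 7.0 and 7.1 ranges are named; v6 is stated fine.
    last = LAST_AFFECTED.get(train)
    return last is not None and build <= last

def audit(config):
    """Report release status and local password commands in a saved config."""
    # Assumption: the config carries a header line like 'PIX Version 7.0(4)'.
    m = re.search(r"^(PIX|ASA|FWSM) Version (\S+)", config, re.M)
    if not m:
        raise ValueError("no version header found")
    platform, release = m.groups()
    local = [ln.strip() for ln in config.splitlines()
             if ln.strip().startswith(LOCAL_PW_CMDS)]
    return {"platform": platform, "release": release,
            "affected_release": version_affected(platform, release),
            "local_password_lines": local}

# Constructed sample configuration (hashes replaced by placeholders).
SAMPLE = """\
PIX Version 7.0(4)
hostname edge-fw
enable password <hash> encrypted
passwd <hash> encrypted
username admin password <hash> encrypted
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Trains the post does not name are reported as not listed, which is not the same as confirmed unaffected; check the Cisco advisory for those.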

August 05, 2006

Great Port List Reference

I saw this list of TCP and UDP port numbers (from Wikipedia) up on digg this afternoon. Good stuff with good references.