My New Firewall...

I've been quiet for several months now. I have actually been writing but not posting. The big reason for the silence is that I've been slowly converting my own Firewall from a PIX 501 over to an ASA 5505. While that may not seem much of a leap to many readers I decided to look at the transition from several points of view; converting from the 501 automagically and starting from scratch. I also upgraded my Internet service from a single DHCP from a cable modem to a higher bandwidth cable connection that provides 5 fixed IP addresses. I look forward to sharing this experience with interested readers over the next weeks and months.

More STUN & ICE

The Eyeball Firewall product has apparently implemeted STUN and ICE. They have a good explanation of the technology here.

Security Metrics dot org

If you have been to the RSA conference over the past couple of years you may have heard of a speaker named Andrew Jaquith from the Yankee Group (and prior to that one of the founders at security firm @stake). Andrew did a great presentation back at RSA 2005 that was about security vendors claims. It was a great presentation (luckily my company was not included). Andrew has been busy working on this Security Metrics dot org site and a conference called MetriCon.

Google Online Security Blog

The folks over at Google just launched an online security blog.

"Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we'll tackle is malware, which is the subject of our inaugural post."

Home Firewall: Opening ports for XBox to PC communications

From XBox help and support: Xbox 360: Firewall ports that you must open when you connect an Xbox 360 console to a Windows Media Center-based computer. These rules are applied on a local (home) router between the XBox and the PC.

A separate article on Firewall rules that need to be modifed on the Windows Media PC itself (assumes ICF or otehr PC based Firewall).

Filering ICMP in IPv6

See RFC 4890 titled "Recommendations for Filtering ICMPv6 Messages in Firewalls".

The Great Firewall of Canada?

I saw this interesting post this moring (courtesy of digg). It seems that a group (the majority of) Canadian ISPs have agreed to implement a "Clean Feed" type content filtering solution that would inspect and filter traffic coming to and from their customers. The objective of the Canadian project seems to to be completely legit; in that these ISPs are tyring to protect their customers from content that the government would otherwise find illegal. The target here as I read it is to filter kiddie porn and otehr such badness.

Things to look at to learn more about Clean Feeds include cybertip.ca , the Internet Watch Foundation in the UK, and the Censorware Project.

Technical note: This content filtering technology used to be something that could be enabled on a Firewall. I recently learned that security feature images on some routers now (or soon will) have similar capabilities.

I'm Down

It has been and will be quiet here for a little while while my body undergoes some surgically assisted repairs.