My EtherealMind» Security

ASA 5520 and ASA 5540 With Only One DIMM Memory Socket – Counterfeit Hardware

Greg Ferro — Tue, 20 Dec 2011 14:54:32 +0000

There is a significant numbers of ASA5110 chassis that have been reworked to look and act like ASA5520 or ASA5540 firewalls. Refer this bug toolkit for more details.

Soft Switching Fails at Scale

Greg Ferro — Sat, 09 Jul 2011 18:12:05 +0000

There is a significant camp of software developers who are developing software switching solutions for hypervisors. Which is nice, I guess. The use of software switching in the hypervisor has some good points but, in my view they are heavily outweighed by the bad. I present the use case, and show that software

Checkpoint/Nokia Firewall Clustering. Uh Oh.

Greg Ferro — Thu, 17 Mar 2011 17:00:37 +0000

I've been reviewing a network that has some CheckPoint firewalls that have been unstable, and while this isn't surprising (in my experience, it's common enough for Checkpoint firewalls to be unstable for some reason or the other), this time I've been faced with Checkpoint Clustering. A few years back I tried to make this work, but gave up when CheckPoint couldn't make it work either. A few years later, I find someone brave enough to attempt it. This time it's different, I'm the one who has to justify why it's a bad idea. Now that the manuals are not secret anymore I think I've found out why.

Cloud Security Blanket – I’m Safe NOW

Greg Ferro — Thu, 17 Mar 2011 15:51:27 +0000

I've got a Cloud Security Blanket. Got to know that all my data is safes now.

End of Life Notice for Cisco CS-MARS Questions CiscoíS Commitment to Security.

Greg Ferro — Wed, 08 Dec 2010 11:43:12 +0000

Cisco announces End Of Life for CS-MARS. Whither goes Cisco's commitment to Security ?

Cisco and Their Security Strategy

Greg Ferro — Sat, 03 Jul 2010 15:24:17 +0000

Recently, the Security Strategy from Cisco has become vague and ill defined.

Cisco ASA Failover License Changes in Version 8.3

Greg Ferro — Wed, 28 Apr 2010 06:15:02 +0000

Quick notes on the Virtual Context licensing requirements when using a Active/Standby (Failover) pair and looking for gotchas and traps.

F5 LTM and Tcp Timouts

admin — Thu, 15 Apr 2010 08:23:06 +0000

One of the dangers of being from a pure cisco background is assumption. You treat all devices as if they have the same defaults as ‘normal’ Cisco devices. I think I’m pretty good at avoiding this, but it gets us all sometimes. As we all know, when you run long lived TCP connections through application [...]

Blessay:Firewalls Are Like Noses:Everyone’s Got One.

Greg Ferro — Sun, 07 Mar 2010 08:10:13 +0000

The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses - everyone's got one.

Design: Cisco Firewall Services Module Virtualization Design Traps

Greg Ferro — Thu, 13 Aug 2009 20:31:50 +0000

The Cisco Firewall Service Modules (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Lets review this in detail and learn the evil consequences.

Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters

Greg Ferro — Sun, 02 Aug 2009 15:44:46 +0000

In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Lets gather together the different options and consider the merits or not, and sometimes how they 'self-build'.

IP Addressing for HA Links for ASA/FWSM/ACE Etc- Poll

Greg Ferro — Thu, 06 Nov 2008 17:42:28 +0000

What IP addressing do you use for the sync / failover / HA links between your highly available devices ?

TCP SYN Cookies – DDoS Defence

Greg Ferro — Fri, 12 Sep 2008 03:59:51 +0000

A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security for Denial of Service attacks. Lets take a quick dive through the technology. What is a SYN Cookie and Why do I want them ? A SYN cookie is a specific choice of initial TCP [...]

Lessons in IT Security From the Credit Crunch

Greg Ferro — Thu, 24 Apr 2008 17:03:35 +0000

I read an article in the Financial Times Corroded to the core: How a staid Swiss bank let ambitions lead it into folly. It struck me how relevant this is to IT Security. UBSís current losses were triggered by the meltdown in the US subprime mortgage market. But the seeds of the bankís downfall were [...]

Cisco ASA Supports Two OSPF Processes

Greg Ferro — Thu, 06 Mar 2008 22:16:26 +0000

Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn't I look for this sooner ?-

Cisco ASA and IOS Command Tip – Test Aaa-Server

Greg Ferro — Mon, 18 Feb 2008 23:36:50 +0000

I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. Its very handy tool when you are doing this kind of stuff. Read on.....