Blessay:Firewalls Are Like Noses:Everyone’s Got One.
March 7, 2010 by Greg Ferro · 9 Comments
The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses — everyone’s got one.
Design: Cisco Firewall Services Module Virtualization Design Traps
August 13, 2009 by Greg Ferro · Leave a Comment
The Cisco Firewall Service Modules (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Lets review this in detail and learn the evil consequences.
Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters
August 2, 2009 by Greg Ferro · 14 Comments
In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Lets gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.
IP Addressing for HA Links for ASA/FWSM/ACE Etc– Poll
November 6, 2008 by Greg Ferro · 7 Comments
What IP addressing do you use for the sync / failover / HA links between your highly available devices ?
TCP SYN Cookies — DDoS Defence
September 12, 2008 by Greg Ferro · 5 Comments
A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security for Denial of Service attacks. Lets take a quick dive through the technology.
Lessons in IT Security From the Credit Crunch
April 24, 2008 by Greg Ferro · Leave a Comment
I read an article in the Financial Times Corroded to the core: How a staid Swiss bank let ambitions lead it into folly. It struck me how relevant this is to IT Security.
Cisco ASA Supports Two OSPF Processes
March 6, 2008 by Greg Ferro · 6 Comments
Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn’t I look for this sooner ?-
Cisco ASA and IOS Command Tip — Test Aaa-Server
February 18, 2008 by Greg Ferro · Leave a Comment
I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. Its very handy tool when you are doing this kind of stuff.
Read on.….

