Thursday, March 18, 2010

Blessay:Firewalls Are Like Noses:Everyone’s Got One.

March 7, 2010 by Greg Ferro · 9 Comments 

The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses — everyone’s got one.

Design: Cisco Firewall Services Module Virtualization Design Traps

August 13, 2009 by Greg Ferro · Leave a Comment 

The Cisco Firewall Services Module (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Let's review this in detail and learn the evil consequences.

Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters

August 2, 2009 by Greg Ferro · 14 Comments 

In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Let's gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.

IP Addressing for HA Links for ASA/FWSM/ACE Etc – Poll

November 6, 2008 by Greg Ferro · 7 Comments 

What IP addressing do you use for the sync / failover / HA links between your highly available devices?

TCP SYN Cookies — DDoS Defence

September 12, 2008 by Greg Ferro · 5 Comments 

A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security for Denial of Service attacks. Let's take a quick dive through the technology.

Lessons in IT Security From the Credit Crunch

April 24, 2008 by Greg Ferro · Leave a Comment 

I read an article in the Financial Times, “Corroded to the core: How a staid Swiss bank let ambitions lead it into folly”. It struck me how relevant this is to IT Security.

Cisco ASA Supports Two OSPF Processes

March 6, 2008 by Greg Ferro · 6 Comments 

Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn’t I look for this sooner?

Cisco ASA and IOS Command Tip — Test Aaa-Server

February 18, 2008 by Greg Ferro · Leave a Comment 

I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. It's a very handy tool when you are doing this kind of stuff.