Security — My EtherealMind

Cisco and Their Security Strategy

3rd July 2010 By Greg Ferro 2 Comments

Recently, the Security Strategy from Cisco has become vague and ill defined.

Filed Under: Blog, Posters, Security Tagged With: Cisco, Design, Security

Cisco ASA Failover License Changes in Version 8.3

28th April 2010 By Greg Ferro 5 Comments

Quick notes on the Virtual Context licensing requirements when using a Active/Standby (Failover) pair and looking for gotchas and traps.

Filed Under: Blog, Security Tagged With: asa, Cisco, Security

F5 LTM and Tcp Timouts

15th April 2010 By admin 2 Comments

One of the dangers of being from a pure cisco background is assumption. You treat all devices as if they have the same defaults as ‘normal’ Cisco devices. I think I’m pretty good at avoiding this, but it gets us all sometimes. As we all know, when you run long lived TCP connections through application [...]

Filed Under: Blog, Design, Security

Blessay:Firewalls Are Like Noses:Everyone’s Got One.

7th March 2010 By Greg Ferro 9 Comments

The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses – everyone’s got one.

Filed Under: Blessay, Security Tagged With: Security

Design: Cisco Firewall Services Module Virtualization Design Traps

13th August 2009 By Greg Ferro 4 Comments

The Cisco Firewall Service Modules (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Lets review this in detail and learn the evil consequences.

Filed Under: Design, Security Tagged With: Cisco, Design, firewall, Operation, Security

Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters

2nd August 2009 By Greg Ferro 20 Comments

In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Lets gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.

Filed Under: Blessay, Blog, Design, Featured, Security Tagged With: Design, firewall, network design, Security

IP Addressing for HA Links for ASA/FWSM/ACE Etc- Poll

6th November 2008 By Greg Ferro 10 Comments

What IP addressing do you use for the sync / failover / HA links between your highly available devices ?

Filed Under: Design, Operation, Security Tagged With: Design, Security

TCP SYN Cookies – DDoS Defence

12th September 2008 By Greg Ferro 8 Comments

A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security for Denial of Service attacks. Lets take a quick dive through the technology.

Filed Under: Design, Security Tagged With: Design, Operation, Security

Lessons in IT Security From the Credit Crunch

24th April 2008 By Greg Ferro Leave a Comment

I read an article in the Financial Times Corroded to the core: How a staid Swiss bank let ambitions lead it into folly. It struck me how relevant this is to IT Security.

Filed Under: Opinion, Security

Cisco ASA Supports Two OSPF Processes

6th March 2008 By Greg Ferro 6 Comments

Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn’t I look for this sooner ?-

Filed Under: Cisco, Security Tagged With: Cisco, Design, Operation, Security