IP Addressing for HA Links for ASA/FWSM/ACE Etc- Poll
November 6, 2008 by Greg Ferro · 3 Comments
What IP addressing do you use for the sync / failover / HA links between your highly available devices?
Rant: D-Link Hijacks Your Internets - in FIRMWARE
November 6, 2008 by Greg Ferro · 2 Comments
Ubersource points out that the D-Link router/modem firmware forces you to go to their website and receive spamvertising about security software. You have to log in to the router, go to Advanced and OPT OUT to stop this.
This is very poor practice. Opt-out is NEVER ACCEPTABLE, and using a piece of hardware that is fully paid for to perform the spam attack is disgusting.
No more D-Link for me. I trust Cisco has no plans for Linksys to do the same - this is a revolting form of upselling.
D-Link DIR-655 Firmware 1.21 Hijacks your Internets
From Slashdot
CCIE Candidate: What Roles Do Security Teams Play vs. Infrastructure Teams?
November 1, 2008 by Greg Ferro · Leave a Comment
Keith Tokash opens up a topic close to my own heart, and one that I am working on right now. Go there and add comments so that my job is easier.
I believe that there should be a Security Design team and a Security Audit team. All security operations should be performed by Network Operations.
The SecAudit team should consist of consulting-type people who love writing policies, working with management and reviewing that the work that has been delivered matches the plan and design. This includes reviewing Security Operations (which is most likely delivered by Network Operations). They do not perform hands-on work, or any day-to-day activities.
The SecDes team are used to reference and validate all Security changes against the reference designs derived from Policy. They are Network Engineers with a specialisation in Security and can assess impact on Network Integrity.
Leave comments if you want me to expound more on this topic.
CCIE Candidate - What Roles Do Security Teams Play vs. Infrastructure Teams?
TCP SYN Cookies - DDoS Defence
September 12, 2008 by Greg Ferro · 1 Comment
A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security against Denial of Service attacks. Let's take a quick dive through the technology.
Why Use Two Routing Processes in a Firewall ?
March 10, 2008 by Greg Ferro · 1 Comment
In a recent post on Two OSPF Processes on an ASA firewall, Christian asked why you would want to do this. Here is one case of a design that needs secure routing:
Cisco ASA and IOS Command Tip - Test Aaa-Server
February 18, 2008 by Greg Ferro · Leave a Comment
I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. It's a very handy tool when you are doing this kind of stuff.



