Internets of Interest: 9 Mar 10
March 10, 2010 by bookmarks · Leave a Comment
Collection of useful, relevant or inane places on the Internets for 9 Mar 10:
Blessay: Firewalls Are Like Noses: Everyone’s Got One.
March 7, 2010 by Greg Ferro · 9 Comments
The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses — everyone’s got one.
Cisco IPSec VPN Client — 64 Bit — in Beta
February 20, 2010 by Greg Ferro · 2 Comments
Cisco has released a new beta of their IPSec VPN client, including a 64-bit version for Windows.
Internets of Interest: 12 Feb 10
February 12, 2010 by bookmarks · Leave a Comment
Collection of useful, relevant or inane places on the Internets for 12 Feb 10:
DDOS — a Problem Bigger Than You Can Ever Be
January 17, 2010 by Greg Ferro · 1 Comment
Taking data from the Arbor Networks DDOS report for 2009 and applying it to real life makes for some ugly choices.
Cisco Releases BETA IPSec VPN Client for Windows 7
September 30, 2009 by Greg Ferro · 17 Comments
I recently stated the Cisco IPsec VPN Client would have no future development. Cisco has released a Beta version for Windows 7 and is looking for feedback from Windows users.
Internets of Interest: 16th Aug
August 17, 2009 by bookmarks · Leave a Comment
Collection of useful, relevant or inane places on the Internets for 16th Aug:
Design: Cisco Firewall Services Module Virtualization Design Traps
August 13, 2009 by Greg Ferro · Leave a Comment
The Cisco Firewall Services Module (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Let's review this in detail and learn the evil consequences.
Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters
August 2, 2009 by Greg Ferro · 14 Comments
In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Let's gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.
Blog: A Lot of Major Security Announcements — Strangely Buried in One Big Press Release.
April 25, 2009 by Greg Ferro · 2 Comments
New ASA 8.2 with botnet and new VPN functions, Major version of IPS firmware — V7.0. New SAFE Design Guides. Really important new features, buried in a press release.
IP Addressing for HA Links for ASA/FWSM/ACE Etc – Poll
November 6, 2008 by Greg Ferro · 7 Comments
What IP addressing do you use for the sync / failover / HA links between your highly available devices?
Rant: D-Link Hijacks Your Internets — in FIRMWARE
November 6, 2008 by Greg Ferro · 2 Comments
Ubersource points out the D-Link router/modem firmware forces you to go to their website and receive spamvertising about security software. You have to log in to the router, go to Advanced and OPT OUT to stop this.
This is very poor practice. Opt-out is NEVER ACCEPTABLE, and using a piece of hardware that is fully paid for to perform […]
I Believe That There Should Be a Security Design Team and a Security Audit Team. All Security Operations Should Be Performed by Network Operations.
November 1, 2008 by Greg Ferro · Leave a Comment
I believe that there should be a Security Design team and a Security Audit team. All security operations should be performed by Network Operations.
TCP SYN Cookies — DDoS Defence
September 12, 2008 by Greg Ferro · 5 Comments
A TCP SYN Cookie is typically used in DDoS engines and load balancers to create another level of protocol security for Denial of Service attacks. Let's take a quick dive through the technology.
Why Use Two Routing Processes in a Firewall?
March 10, 2008 by Greg Ferro · 1 Comment
In a recent post on Two OSPF Processes on an ASA firewall, Christian asked why you would want to do this. Here is one case of a design that needs secure routing:
Cisco ASA Supports Two OSPF Processes
March 6, 2008 by Greg Ferro · 6 Comments
Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn’t I look for this sooner?
Cisco ASA and IOS Command Tip — Test Aaa-Server
February 18, 2008 by Greg Ferro · Leave a Comment
I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. It's a very handy tool when you are doing this kind of stuff.

