
Saturday, April 24, 2010

firewall-wizards Digest, Vol 48, Issue 10

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Firewall review tool for Junipers (Victor Williams)
2. Re: DNS Names for external services (Morty)
3. Re: Looking for firewall mgmt solution (Morty)
4. Re: Firewall best practices (Martin Barry)
5. Re: Firewall review tool for Junipers (David Hurst)


----------------------------------------------------------------------

Message: 1
Date: Thu, 22 Apr 2010 19:09:52 -0500
From: Victor Williams <vbwilliams@gmail.com>
Subject: Re: [fw-wiz] Firewall review tool for Junipers
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4BD0E550.4020708@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Having gone through this already, there is no silver bullet for ruleset
auditing; it takes human eyes and an explanation of why rulesets are
the way they are.

For automated configuration collection and archive, as well as
comparison, Kiwi Cattools will handle configurations with select Juniper
devices.

The only way you're going to be able to audit configurations that a QSA
would be fine with is to manually audit them and comment the
rulesets--explain why they're needed. Cisco, Secure Computing
Sidewinder (now owned by McAfee and going by a different name), etc. all
allow commenting of access lists. The last gap analysis we had with a
QSA who audited our rulesets indicated that our rulesets and
justifications would pass an audit because of the completeness of the
comments.

Hope this helps.

On 4/22/2010 10:00 AM, Wilson wrote:
> Hi there,
>
> Just wanted to get some advice from the forum. What tools do you use
> to perform firewall policy reviews on Juniper firewalls? One of the
> drivers is to comply with PCI DSS. Due to the number of firewalls I hope
> there are some proven tools out there that can help with things like
> gathering configs, identifying diffs in rulesets, etc. I am prepared for
> manual analysis but want to automate as much as possible, especially
> as this will be a recurring task. Anyway, I welcome any open source or
> commercial suggestions. Thanks heaps for your help.
>
> Cheers,
>
> Wil
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
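
The two things asked for in this thread, diffing ruleset snapshots and checking that every permit rule carries a justification comment, can be scripted once the configs are collected. The following is an added example and is not code from the digest, from Kiwi CatTools or from any Juniper tool: it parses a constructed, ScreenOS-like "set policy id N ..." line format (the regex is an assumption about that format; a real device export will differ), reports rules added, removed or changed between two snapshots, and lists permit rules that have no name/comment or no logging, which are exactly the rules an assessor will ask about.

```python
"""Diff two firewall policy snapshots and flag permit rules with no justification.

Added example, not code from the digest or from any vendor tool. The input is
a constructed, ScreenOS-like 'set policy id N ...' line format; a real device
export will differ and the regex below is an assumption about that format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample snapshots (not real device output).
OLD_CONFIG = """\
set policy id 10 name "Public web to DMZ" from "Untrust" to "DMZ" "Any" "web-srv" "HTTP" permit log
set policy id 11 name "Inbound mail relay" from "Untrust" to "DMZ" "Any" "mail-srv" "SMTP" permit log
set policy id 20 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
"""

NEW_CONFIG = """\
set policy id 10 name "Public web to DMZ" from "Untrust" to "DMZ" "Any" "web-srv" "HTTP" permit log
set policy id 20 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 30 from "Untrust" to "Trust" "Any" "Any" "ANY" permit
"""

# Assumed line grammar: optional name "...", zones, src, dst, service, action, options.
POLICY_RE = re.compile(
    r'^set policy id (?P<id>\d+)'
    r'(?:\s+name "(?P<name>[^"]*)")?'
    r'\s+from "(?P<src_zone>[^"]+)" to "(?P<dst_zone>[^"]+)"'
    r'\s+"(?P<src>[^"]+)" "(?P<dst>[^"]+)" "(?P<svc>[^"]+)"'
    r'\s+(?P<action>permit|deny|reject)'
    r'(?P<opts>.*)$'
)


@dataclass(frozen=True)
class Policy:
    id: int
    name: Optional[str]   # the justification comment; None if the rule has none
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    svc: str
    action: str
    logged: bool


def parse_policies(text: str) -> Dict[int, Policy]:
    """Return policies keyed by id; lines that are not policy statements are skipped."""
    policies: Dict[int, Policy] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        pid = int(m["id"])
        policies[pid] = Policy(
            id=pid,
            name=m["name"],
            src_zone=m["src_zone"],
            dst_zone=m["dst_zone"],
            src=m["src"],
            dst=m["dst"],
            svc=m["svc"],
            action=m["action"],
            logged="log" in m["opts"].split(),
        )
    return policies


def diff_policies(old: Dict[int, Policy], new: Dict[int, Policy]) -> Dict[str, List[int]]:
    """Rule ids added, removed or changed between two snapshots."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(i for i in set(old) & set(new) if old[i] != new[i]),
    }


def unjustified_permits(policies: Dict[int, Policy]) -> List[int]:
    """Permit rules with no name/comment: the ones an assessor will ask you to explain."""
    return sorted(p.id for p in policies.values() if p.action == "permit" and not p.name)


def unlogged_permits(policies: Dict[int, Policy]) -> List[int]:
    """Permit rules that generate no log entries, so nothing can be reviewed later."""
    return sorted(p.id for p in policies.values() if p.action == "permit" and not p.logged)


def audit(old_text: str, new_text: str) -> Dict[str, List[int]]:
    """Combine the diff with the justification and logging checks on the newer snapshot."""
    old, new = parse_policies(old_text), parse_policies(new_text)
    report = diff_policies(old, new)
    report["unjustified"] = unjustified_permits(new)
    report["unlogged"] = unlogged_permits(new)
    return report


if __name__ == "__main__":
    for key, ids in audit(OLD_CONFIG, NEW_CONFIG).items():
        print(f"{key:12s} {ids}")
```

Run against the two constructed snapshots it reports rule 30 as added, rule 11 as removed, and rules 20 and 30 as permits with neither a comment nor logging. Keying on the policy id rather than the line text is what makes the diff survive re-ordering of an export; the justification check is the part that no diff tool does for you, and it is the part the QSA in Victor's story was grading.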

------------------------------

Message: 2
Date: Fri, 23 Apr 2010 09:02:04 -0400
From: Morty <morty+fw-wiz@frakir.org>
Subject: Re: [fw-wiz] DNS Names for external services
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20100423130204.GG13606@red-sonja>
Content-Type: text/plain; charset=us-ascii

On Sat, Apr 17, 2010 at 10:50:31AM -0500, Frank Knobbe wrote:

> Likewise, if you don't run an FTP server (or CVS, or POP3, or...),
> set up DNS records for those pointing to your honeypot. Use it to
> respond in any way you see fit for defense of your network (blocking
> the IP, etc).

What happens when one of your legit users says "I wonder if we have an
FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?

- Morty
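
Morty's objection is a false-positive problem: if a hit on a decoy name triggers an automatic block, the first victim is the curious employee. The following is an added example and is not code from the digest or from either poster: it takes a constructed list of honeypot hits and applies a constructed policy (source addresses inside our own ranges are alerted on but never auto-blocked; external sources are blocked only after touching more than one decoy service or repeating a hit past a threshold). The address ranges, hit records and thresholds are all assumptions.

```python
"""Decide what to do with hits on decoy DNS names (ftp., pop3., cvs. pointing at a honeypot).

Added example, not code from the digest. The source addresses, hit records and the
policy (internal sources alert only; external sources are blocked once they touch
more than one decoy service or repeat a hit) are all constructed assumptions.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed address space of "our" network; a curious employee lives here.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed honeypot hits: (source address, decoy service name).
HITS = [
    ("10.20.30.40", "ftp"),        # an employee wondering "do we have an FTP server?"
    ("203.0.113.7", "ftp"),
    ("203.0.113.7", "pop3"),
    ("203.0.113.7", "cvs"),        # a scanner walking the decoy names
    ("198.51.100.9", "ftp"),       # one external touch; not enough on its own
]


def is_internal(addr: str) -> bool:
    """True if the address falls in one of our own (constructed) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify_hits(hits: Iterable[Tuple[str, str]], repeat_threshold: int = 3) -> Dict[str, List[str]]:
    """Split sources into 'block' (automatic) and 'alert' (a human looks first).

    Internal sources are never auto-blocked: the curious user should produce a
    ticket, not an outage. External sources are blocked when they touch two or more
    decoy services or reach repeat_threshold hits; a single touch is only alerted.
    """
    services = defaultdict(set)
    counts = defaultdict(int)
    for src, svc in hits:
        services[src].add(svc)
        counts[src] += 1

    verdict: Dict[str, List[str]] = {"block": [], "alert": []}
    for src in services:
        if is_internal(src):
            verdict["alert"].append(src)
        elif len(services[src]) >= 2 or counts[src] >= repeat_threshold:
            verdict["block"].append(src)
        else:
            verdict["alert"].append(src)
    return {k: sorted(v) for k, v in verdict.items()}


if __name__ == "__main__":
    print(classify_hits(HITS))
```

On the constructed hits only 203.0.113.7 is blocked; the internal user and the single external touch both go to the alert queue. The point is that the decoy records are still useful as Frank describes, but the response has to be keyed on who the source is and how it behaves, not on the bare fact that a decoy name resolved.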


------------------------------

Message: 3
Date: Thu, 22 Apr 2010 18:26:05 -0400
From: Morty <morty+fw-wiz@frakir.org>
Subject: Re: [fw-wiz] Looking for firewall mgmt solution
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20100422222605.GE13606@red-sonja>
Content-Type: text/plain; charset=us-ascii

On Mon, Apr 19, 2010 at 07:13:16AM -0400, Morriss, Jason (NIH/CIT) [C] wrote:

> I'm wondering if anyone can give me any suggestions. I'm looking for
> a solution for my organization that will allow us to manage multiple
> firewalls from multiple vendors using a single interface (preferably
> web based).

I've asked a similar question in the past, although I was more focused
on a firewall request system. A number of multi-vendor products were
suggested. I won't mention recommendations and conclusions for
obvious reasons. Here they are:

Algosec:

http://www.algosec.com/en/products/fireflow_overview.php

Athena:

http://www.athenasecurity.net/athenafirepac.html

FWbuilder:

http://www.fwbuilder.org/

LogLogic:

http://www.loglogic.com/products/security-change-management/index.php

Tufin:

http://www.tufin.com/products_securechange_workflow.php


There are also some single-vendor products:

Checkpoint SmartWorkflow:

http://www.checkpoint.com/products/softwareblades/smartworkflow.html

Netscreen Manager:

http://www.juniper.net/us/en/products-services/software/network-management-software/nsm/

- Morty


------------------------------

Message: 4
Date: Fri, 23 Apr 2010 10:46:03 +0200
From: Martin Barry <marty@supine.com>
Subject: Re: [fw-wiz] Firewall best practices
To: mjr@ranum.com, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20100423084602.GA15529@merboo.mamista.net>
Content-Type: text/plain; charset=us-ascii

$quoted_author = "Marcus J. Ranum" ;
>
> That's why firewalls need to go back to doing what they
> originally did, and parsing/analyzing the traffic that
> flows through them, rather than "stateful packet
> inspection" (which, as far as I can tell, means that
> there's a state-table entry saying "I saw SYN!")

Marcus, are you referring to DPI or proxies or both or something else
entirely?


> If the firewall doesn't understand the data it's passing,
> it's not a firewall, it's a hub.

If an application emulates HTTPS traffic and is proxy aware, how do you tell
the difference?

cheers
Marty


------------------------------

Message: 5
Date: Thu, 22 Apr 2010 13:08:09 -0500
From: "David Hurst" <dhurst@athenasecurity.net>
Subject: Re: [fw-wiz] Firewall review tool for Junipers
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Cc: securitynewsgroup@gmail.com
Message-ID: <HFEPLIOJKHBGNPOELBJMEEKNDCAA.dhurst@athenasecurity.net>
Content-Type: text/plain; charset="us-ascii"

You might want to check out Athena FirePAC. It supports Juniper Netscreen
firewalls and does many of the things you mention, including PCI DSS
compliance assessment for firewalls. You can download the tool and try it
for free.

http://www.athenasecurity.net/firepac_trial.html

<disclaimer>
I am CTO of Athena Security.
</disclaimer>

--DaveH "Be Excellent to each other!"

> -----Original Message-----
> From: firewall-wizards-bounces@listserv.icsalabs.com
> [mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of
> Wilson
> Sent: Thursday, April 22, 2010 10:00 AM
> To: Firewall Wizards Security Mailing List
> Subject: [fw-wiz] Firewall review tool for Junipers
>
>
> Hi there,
>
> Just wanted to get some advice from the forum. What tools do you use
> to perform firewall policy reviews on Juniper firewalls? One of the
> drivers is to comply with PCI DSS. Due to the number of firewalls I hope
> there are some proven tools out there that can help with things like
> gathering configs, identifying diffs in rulesets, etc. I am prepared for
> manual analysis but want to automate as much as possible, especially
> as this will be a recurring task. Anyway, I welcome any open source or
> commercial suggestions. Thanks heaps for your help.
>
> Cheers,
>
> Wil
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 48, Issue 10
************************************************
