Friday, September 11, 2009

firewall-wizards Digest, Vol 41, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: secure firewall rule management program
(rainer.ginsberg@basf-it-services.com)
2. Re: Slow FTP transfers (Bill O'Connell)


----------------------------------------------------------------------

Message: 1
Date: Thu, 10 Sep 2009 11:03:35 +0200
From: rainer.ginsberg@basf-it-services.com
Subject: Re: [fw-wiz] secure firewall rule management program
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<OF0C20A8BD.67A96319-ONC125762D.002F3AE3-C125762D.0031C494@basf-c-s.be>

Content-Type: text/plain; charset=US-ASCII


Hi Morty,

I know of three commercial products that claim to fulfill most of your
requirements. I haven't used them nor even seen a demo, so I can't share
any experience. They are (in alphabetical order):
- AlgoSec FireFlow <http://www.algosec.com/en/products/fireflow_overview.php>
- Check Point SmartWorkflow <http://www.checkpoint.com/products/softwareblades/smartworkflow.html>
- Tufin SecureChange Workflow <http://www.tufin.com/products_securechange_workflow.php>

While Check Point's product only works for their line of firewalls, the
other two products claim to support multiple firewall vendors.

Best regards,
Rainer


Rainer Ginsberg
Security, Voice & Network Planning


Phone: +49 621 60-94660, Fax: +49 621 60-6694660, E-Mail:
rainer.ginsberg@basf-it-services.com
Postal Address: BASF IT Services GmbH, IN-CP - C010, 67059 Ludwigshafen,
Germany


www.basf-it-services.com


BASF IT Services GmbH, Registered Office: 67059 Ludwigshafen, Germany
Companies' Register: Amtsgericht Ludwigshafen, HRB 3541
Managing Directors:
Andreas Biermann, Dr. Ralf Sonnberger
Chairman of the Supervisory Board: Andrew Pike



From: "Mordechai T. Abzug" <morty+fw-wiz@frakir.org>
Sent by: firewall-wizards-bounces@listserv.icsalabs.com
Date: 03.09.2009 09:18
To: firewall-wizards@listserv.cybertrust.com
cc:
Subject: [fw-wiz] secure firewall rule management program (Plain)
Please respond to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>


Anyone have suggestions for a good, secure webified firewall rule
management program? I.e. the kind of thing where users submit
requests for firewall holes and there's support for workflow so that a
requested rule goes to an approver for approval, and if approved, it
then goes to an implementer for implementation. COTS or free is fine.

Requirements:

* Secure code! The firewall request system should not itself be a
security hole.

* The system should allow users to submit rule requests, to be
approved by designated "approvers", and if approved, implemented by
designated "implementers".

* Awareness of firewall topology. I.e. the product needs to be aware
of which firewalls a given request traverses so this information can
be available to approvers and implementers.

* The system should include a notion of rule expiration, with
attendant workflow.

* The system should support change requests to existing rules, with
attendant approver/implementer workflow.

* The ability to abstract users into departments or projects,
ie. instead of the rule for the accounting web server belonging to
an individual, it belongs to "accounting". Even better if an
individual can submit for multiple projects, ie. a sysadmin who
works for both accounting and marketing can annotate "this rule
belongs to accounting" and the like.

* Sane role/permissions scheme, ie. user from department 1 can't
modify rule requests for department 2, and the like.

Desirements:

* The ability to export rulesets into popular firewall formats

* The ability to import existing rules from popular firewall formats

* The ability to search for IPs in rules using CIDR specifications

* COTS or free. We have some budget, but if there is something free,
we certainly won't complain.

[People who have been around a while might remember that I asked this
question some years ago. Unfortunately, there were no answers other
than some private, "yes, we'd like that too."]

- Morty

------------------------------

Message: 2
Date: Thu, 10 Sep 2009 12:55:58 -0500
From: "Bill O'Connell" <boconnell@libertycreativesolutions.com>
Subject: Re: [fw-wiz] Slow FTP transfers
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <37178B325672994C9460AFC3618FB31B0282A25C9753@mail>
Content-Type: text/plain; charset="us-ascii"

I've had a similar problem twice.

The first time we had a bad network cable that was causing repeated resends due to a short. This sometimes caused timeouts if a file couldn't be transferred within a certain amount of time.

The second time we had a wireless T1 that was being blocked by a tree. Small files came across, but large files would sometimes time out. Not always, though, due to the fact that the tree's leaves would blow in the wind or be still.

Both issues were basically the same. Frequent packet errors which cause retransmits and eventually timeouts when the sending computer does not get a response. It taught me to never overlook the basics!


Bill O'Connell Network Solution Manager
Liberty Creative Solutions, Inc.
18625 West Creek Dr. | Tinley Park, IL 60477
V: (708) 633-7450
F: (708) 633-7449
www.libertycreativesolutions.com

From: firewall-wizards-bounces@listserv.cybertrust.com [mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of Farrukh Haroon
Sent: Tuesday, August 25, 2009 2:50 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Slow FTP transfers

Your problem could be due to your firewall blocking the IDENT protocol

Have a look at this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094317.shtml

It could also be related to PTR records for your DIP Pool (but highly unlikely):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml

Regards

Farrukh

On Mon, Aug 24, 2009 at 7:26 PM, Francois Yang <francois.y@gmail.com> wrote:
I've seen slow traffic due to the firewall trying to do many things
like checking for viruses, packet anomalies, etc...
Maybe there are some checks that work better or worse depending on whether the
ftp session is passive or not.

Frank


On Fri, Aug 21, 2009 at 7:43 AM, Behm, Jeff <jbehm@burnsmcd.com> wrote:
> On Thursday, August 20, 2009 12:19 PM, sky said:
>
>>I'm having an issue when ftp'ing (default port mode) large file
>>(50megs) to a remote server sitting behind FWSM. The transfer
>>gets real slow and at times just timeouts.
>
>>Any thoughts will be great.
>
> Any sort of packet shaper/QoS device between the endpoints?


--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. - White House Cybersecurity
Advisor, Richard Clarke

End of firewall-wizards Digest, Vol 41, Issue 2
***********************************************
