Tuesday, November 10, 2009

firewall-wizards Digest, Vol 43, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: OT, sorta: Breaking pipes? (Chris Myers)
2. Re: secure firewall rule management program (Marcin Antkiewicz)


----------------------------------------------------------------------

Message: 1
Date: Sat, 7 Nov 2009 09:34:06 -0600
From: Chris Myers <clmmacunix@charter.net>
Subject: Re: [fw-wiz] OT, sorta: Breaking pipes?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <7CEB2596-85DE-45CA-B72D-E086A51DE7AC@charter.net>
Content-Type: text/plain; charset="us-ascii"; Format="flowed";
DelSp="yes"

Do you use Perl at all with CGI scripts? If so, this is just an
example of what might be done with anything written with custom
scripts. In this case, it is a specific vendor, but it could happen to
anyone who does not code diligently.

http://www.kb.cert.org/vuls/id/496064

Thank You,

Chris Myers
clmmacunix@charter.net

John 1:17
For the Law was given through Moses; grace and truth were realized
through Jesus Christ.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.tiff
Type: image/tiff
Size: 18654 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20091107/c72954c8/attachment-0001.tiff>
-------------- next part --------------
Go Vols!!!!

On Oct 27, 2009, at 1:48 PM, Kurt Buff wrote:

> All,
>
> At $WORK I admin a nice Sidewinder. Works well. I like it, though I'm
> not as fully trained on it as I'd like to be.
>
> However, I'm seeing more complaints from end-users who are
> encountering web sites that issue URLs with the pipe/vertical bar -
> "|" - character embedded in them. The Sidewinder proxy denies it, as
> is proper. The latest occurrence is a really stupid State government
> web site that actually puts the pipe character at the end of the URL!
>
> For those sites that we have a business case for end-user access, I
> make an exception.
>
> IT manager now considers this an annoyance, and wants justification
> for the not allowing URLs with the character through the proxy. I tell
> him it violates the RFCs that I'm aware of (1738 and 2396 - 3986
> doesn't really deal with it, AFAICT) and he wants me to
> quantify/qualify the risk, and wants me to consider allowing that
> character universally. I told him (as I believe to be correct) that
> you can't do that without turning off the proxy entirely, which would
> be foolish in the extreme.
>
> Aside from what we (the manager and I) already know (that the pipe is
> used in scripting/shells/etc. to redirect output from one program to
> another) are there any other risks of which I'm not aware, or any
> specific attacks that I can point to that have or do use this
> character? I would think that our current understanding on this would
> be sufficient justification for keeping things the way they are, but
> apparently not.
>
> This is really silly, and frustrating for me, though I suppose many of
> you have fought the same (kinds of) battle, but any insight would
> help.
>
> Thanks,
>
> Kurt
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


------------------------------

Message: 2
Date: Thu, 5 Nov 2009 22:52:16 -0600
From: Marcin Antkiewicz <firewallwizards@kajtek.org>
Subject: Re: [fw-wiz] secure firewall rule management program
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<7ed5f2120911052052t5f725bbdp5c795cbb852b219c@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> Thanks! ?We're looking both at Tufin (mentioned by Rainer Ginsberg)
> and at Algosec (mentioned by one of our managers and by Rainer). ?The
> current versions of both products fail to meet several of our
> dealbreaking requirements. ?Both products are relatively new. ?We're
> hopeful that a future version of one or both products will be what we
> want.

Hi Morty,

we are looking at the same, but we are looking for a cleanup/basic ops support
tool right now.

Would you mind sharing the dealbreaking requirements? I am wondering now
what, if anything we have missed.

--
Marcin Antkiewicz


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 43, Issue 2
***********************************************

at

No comments:

Post a Comment