gmane.comp.security.firewalls.wizards

c0c0n 2012 - Call For Papers and Call For Workshops

Yashartha Chaturvedi — 2012-03-18T14:23:16

       ___        ___          ____   ___  _ ____
  ___ / _ \  ___ / _ \ _ __   |___ \ / _ \/ |___ \
 / __| | | |/ __| | | | '_ \    __) | | | | | __) |
| (__| |_| | (__| |_| | | | |  / __/| |_| | |/ __/
 \___|\___/ \___|\___/|_| |_| |_____|\___/|_|_____|
     ###################################################
c0c0n 2012 - Call For Papers and Call For Workshops
###################################################

August 2-4, 2012 - Cochin, India

Buenos días from the God’s Own Country!

We are extremely delighted to announce the Call for Papers and Call
for Workshops for c0c0n 2012 <http://www.is-ra.org/c0c0n/>, a 3-day
Security and Hacking Conference (1 day pre-conference workshop and 2
day conference), full of interesting presentations, talks and of
course filled with fun!

The conference topics are divided into four domains as follows:


We are expecting conference and workshop submissions on the following
topics, but are not limited to:


#####################
CFP Review Committee:
##################

How MSRPC flow is handled? How to delete the flows after successful transfer of data

rahul sharma — 2012-02-17T14:36:18

Hi All,

I am trying to get details about MSRPC and its working. So far I have come
to know that when a Client requests for a particular service, first it
comes to End Point Mapper. Then in response to Map Request, the Port and IP
address are sent to client in Response's Tower id 4 and 5 respectively. Now
I have the port and IP address.  I simply connect to that service. Now
suppose I am firewalling it. Now if I allowed the MSRPC packets, then I
will create an embryonic flow for that connection, and then the firewall
will allow those packets.

Now my problem is how I will detect for how long I need to keep that flow
open? If the communication on that port has finished, then how should I
make sure that now its exited and I need to delete the flow ID? Can anyone
help me how should I go for this or how is this actually implemented??

Thanks and Regards
Rahul Sharma
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/m

Ruxcon 2011 Final Call For Papers

2011-08-15T10:53:08

Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of October.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information

Securing email by inhibiting urls

Chris — 2011-08-01T18:46:45

A company I work for has been having great difficulty in securing against
email attacks.  So far we have disabled access to webmail, implemented
rules and processes to block freemail services like hotmail etc until the
sender registers the address and of course a spam filter (BrightMail).
Attachment filtering is pretty strict as well.

 

The threat that presents the biggest challenge is url links in emails.  The
common method of attack is an email from somedomain.com where they change
one character or otherwise make the address look valid (ie:
joe< at >s0medomain.com or j0e< at >somedomain.com etc).

 

I was looking for a way to spot and block hyperlinks but it looks like the
only option I have is to filter on these and send them to a spam bin.  I'd
rather yank the offending hyperlink and replace it with a message of some
sort.  Unfortunately BrightMail doesn't offer that capability.

 

Any products that do this or ideas on a solution?

 

Thanks

_______________________________________________
firewall-wizards mai

CFP Securitybyte India

Papers, Call For — 2011-07-24T14:47:25

Hi All,
The first round of speakers have been selected for Securitybyte, please
follow us on twitter < at >securitybyte to get the latest updates on speakers and
event.

Deral Heiland, From Printer to Owned: Leveraging Multifunction Printers
During Penetration Testing
Nithya Raman, Security threats on social networks
Alexander Polyakov, A Crushing Blow At the Heart of SAP J2EE Engine
Bishan Singh, Enabling Un-trusted Mashups
Krzysztof Kotowicz, HTML5: Something Wicked This Way Comes
John McColl, Hacking Corporate Telephony
Aseem Jakhar, Runtime thread injection and execution in Linux processes
George Nicolaou, Alternative Exploitation Vectors (A study of CVE-3333)
Michele Orru, Securing the Browser
Kanwal K. Mookhey, The Data Theft Epidemic in India
Vivek Ramachandran, Enterprise Wi-Fi Worms, Backdoors and Botnets for Fun
and Profit

The 2nd round of CFP is out

CFP/CTP

Securitybyte is proud to announce its Second Annual International
Information Security Conference, "Securitybyte 2011" in Bangalore, India.
This

CISCO ASA 7.0(8) - internal users cannot browse.

Rocker Feller — 2011-05-25T08:04:08

Hi all,

I am a newbie and would like assistance on an asa.

I have a cisco asa factory default that i configured.

this is my configuration,  thank you.


1. I cannot ping the gw ip when connected on console though from teh gw
which is a cisco router i can pick the asa mac address.

2. I have the two acls 101 and cmd  icmp permit any outside which should
enable me to ping from any outside host to the outside interface of the asa
to no avail.

3. public ip and gw are public ips.

Q. Any assistance to get this working so that i can configure an ra vpn will
be appreciated.



SA Version 7.0(8)
!

domain-name ciscoasa.co.ke

names
dns-guard
!
interface Ethernet0/0
 description Link to Service Provider
 nameif outside
 security-level 0
 ip address publicip 255.255.255.252
!
interface Ethernet0/1
 description Link to Local LAN
 nameif inside
 security-level 100
 ip address 192.168.168.11 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif

obscure email address formats

ArkanoiD — 2011-05-23T20:30:24

Is there any good reason to allow email addresses (in smtp, imap and alikes)
in any format different from mailbox< at >fqdn ?

There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
I should *not* just filter it out.

Ruxcon 2011 Call For Papers

2011-05-17T06:37:09

Ruxcon 2011 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 30th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information, please visit

Solsoft NSM still alive?

ArkanoiD — 2011-05-14T13:02:08

I was surprised to find it is!

It is now called HAL-GK (Hybrid Application Layer Gatekeeper) and being developed by Edenwall
(there appears to be a commercial appliance based on it and NuFW).

I checked the sources, but it looks like most interesting parts are missing -- no SQL and Netbios proxies anymore.
Does anyone still have old NSM source tarball? I cannot find it.

Cyberoam Firewalls

Greg Marcom — 2011-05-10T21:01:45

Has anyone had any experience with these? My company was using
SnapGears and since McAfee stopped making them, we had to switch.
Anybody else have any other good makes and models that they use?

is the ASA a true hardware solution?

Greg Whynott — 2011-05-05T17:11:50

in the context of the never ending debates related to software/hardware firewalls...


i was looking inside of our newest 5580,   it appears to be a standard HP server box (DL585)  with a hardware encryption accelerator option card inserted into a pci slot.  everything else appears to be verbatim to what you would receive from HP if you ordered their high end x86 server box.

should one not have any sort of encryption needs,  would this box considered a software firewall?    I couldn't find one custom asic,  module  or other chip with a cisco brand stamp on it,  beyond the flash.


thanks!

-g



--

This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message m

Yest another application-specific firewall-like tool (ldap)

ArkanoiD — 2011-05-03T17:33:30

http://resources.idgenterprise.com/original/AST-0024304_Quest_WP_Its9AMKnowWhatDirectoryDoing.pdf

what is most interesting in tools like that is 

a) similar functionality is rarely integrated in firewalls, despite the fact it is most obvious place for deployment.
firewall vendors show little to no interest, though
b) tool vendors are likely to avoid the word "firewall"
c) there is zillion of it for various protocols and scenarios and no one ever thinks on making uniform solution of those
components

OpenFWTK snapshot

ArkanoiD — 2011-04-29T14:50:11

For those of you curious enough to download it: the one on the sourceforge was almost year old,
so better try the new one I just uploaded.

proxy firewalls -vs- packet filters

Bennett Todd — 2011-04-28T19:35:01

Probably a naive question, but is there any possibility ipv6 might
tear open a gap in the range of available firewall products that
user-space application layer proxy firewalls could fill faster than
the heuristics for packet filtering can run over enough toes to
discover the necessary subtlties?

How to keep firewall rules clean and up-to-date

Ilias - — 2011-04-26T11:12:06

Hello,

What do you do to keep your firewall rules clean and up-to-date?
Procedures, for which?

Keep in mind;

-Servers that change from IP
-Server which has been discarded
etc.

Thanks in advance
Best regards,
Ilias


       _______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Proxies,opensource and the general market: what's wrong with us?

ArkanoiD — 2011-04-24T17:27:34

In early days, proxy firewalls and opensource (or just "crystal box" :-) solutions dominated the market.

Now both are either extinct or forced to an ulgy low end (for opensource, it usually means having no
security-centric framework, no common API, no real code review -- just a bunch of "functionally fit"
free things installed on a linux box with some simple web interface). For proxy firewalls the future is
even more questionable. Multiple state-of-the-art technology leaders were merging (quite obviously being
unable to stay competitive with cheapo crap) until there was only One left.. SC, later bought by McAfee.
And now McAfee is owned by Intel and it seems to show no interest in high end firewall solutions at all,
they seem to think they just bought an "antivirus company".

I asked guys on LinkedIn (having to admit LinkedIn security community sucks big time, some sane people are still there :-)
, if they still have some interest in opensource firewall solutions. The short answer
was "NO". The long ones we

Cisco ASA5585

Morley, Morven — 2011-04-19T10:49:08

Hi all,
                        Does anyone have any experience of the Cisco ASA5585 appliances,  specifically the IPS capabilities of the devices,  how do they compare with a Tipping Point IPS device regarding ease of administration, false/positives, automatic updates of digital vaccines?


Regards
Morven


Mrs Morven Morley, Network Manager, ICT Systems
x2187

[cid:image001.gif< at >01CBFE87.CAC10AC0]


_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Query: Role of Firewalls within a SAN environment itselfnot just the periphery

brian dorsey — 2011-04-12T10:11:56

Hi all,

I am wondering what your view point is with respect to firewalls within a
Storage Area Network (SAN) environment.

I am a SAN novice and I am interested in getting to know this area further.

The literature that I have found since yesterday does not seem to have major
role for a firewall within the SAN environment itself. I see that some
documentation places a firewall a the edge of the SAN. But what about
firewalls between switches/routers etc within the SAN?

As I understand it, SAN switches like those from Cisco (just reading
documentation on Cisco 9000 series switches) provide IP/port filtering of
packets and can create VLAN-like SAN's called VSAN's.

The thing is, would it not also be wise to install firewalls either
network-based or locally on end SAN systems to provide defense in depth and
also provide greater filtering granularity if required?


Has anyone any documentation or diagrams of a typical SAN architecture that
also include (traditional non-switch based) firewalls?

These switches m

PIX 515 7.1 vs: 8.0

Brian Blater — 2011-03-09T01:24:50

I was recently able to pick up another pix to play with. I currently
have a PIX 515e with 7.1, but this new one comes with 8.0. I'm
wondering if there is something new in the 8.0 version that is working
differently and has me stumped. One difference between the two PIXs I
have is that the new one has a 4 port card for a total of 6 ethernet
ports. I've setup DHCPD on two of the interfaces, but I can't get it
to assign an address to anything connected to those interfaces (dmz
and vonage). Also, if I manually assign an IP to a device on one of
those networks I can't even get out the internet. So, either some ACL
or static mapping is interfering there, but I can't see what I've
messed up. The DMZ port on the PIX 515e with 7.1 just works both with
DHCPD and internet access, but even if I try the same ACLs and statics
on the 8.0 PIX I"m still not getting anything working. Basically I'm
stumped.

I've attached the 8.0 config below. If anyone can give me a hand and
let me know what I'm missing that would be great.

Final Penultimate last Call for Papers for CanSecWest 2011(deadline Jan. 17th, conf March 9-11)

Dragos Ruiu — 2011-01-13T11:28:30

"First they ignore you, then they ridicule you, 
then they fight you, then you win." -- Mahatma Ghandi.

Well if Fox's new comedy show "Breaking In" is any
indication, infosec has now entered Ghandi's second 
stage. http://goo.gl/ZpLDp [youtube] (hat tip to Adam 
O'Donnell for this humorous find, and Sam Bowne for 
the quote/quip)

But on a slightly more serious note.

CanSecWest is nearing in the second week of March, and 
this year I've waited on sending out the CFP note/reminder. 
It's been up on the site for a while with a Dec 29 deadline, 
but this is the real last call for submissions. If you don't get 
them in by this weekend they won't make the selections 
review process next week. We'll try to announce the 
selections the week following. After 11 years, most 
of you should know the drill, but for those who haven't 
submitted or attended before, the fine print and usual 
further information is attached below.

Other info:

We are doing more dojo training courses  than ever this 
year (17!) and they

IPv6

Paul D. Robertson — 2010-12-26T16:56:45

Is anyone doing anything interesting with v6 and firewalls?  We're              
supposedly coming up on the year that v6 will break out, and most               
organizations I know still don't even route it.                                 
                                                                                
Paul                                            
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul< at >compuwar.net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://www.PaulDRobertson.net/