Month: March 2009

Cisco PIX Firewall Basics


Firewalls are essential components of an effective information security infrastructure. At its most basic level, a firewall is a hardware or software that filters traffic between your network and the Internet. The firewall (hardware) I am most familiar in using is the Cisco PIX (Private Internet eXchange) Firewall. It was one of the first products in the IP firewall and NAT appliance market segments.

Cisco PIX 501 Firewall

PIX firewalls include the following security and network services features:

    • Network Address Translation (NAT) or Port Address Translation (PAT)
    • Content filtering
    • URL filtering
    • IPsec VPN
    • DHCP client/server
    • PPPoE support
    • Advanced security services for multimedia applications including Voice over IP (VoIP), H.323, SIP, Skinny

    Managing the firewall can be done through its integrated web-based management interface called PIX Device Manager (PDM), command-line interface (CLI), Telnet, Secure Shell (SSH), console port, SNMP, and syslog.

    Here are 10 steps to ensure your PIX Firewall is as secure as it can be:

    1. Password protect it
    2. Know your access-lists
    3. Log denials and errors
    4. Use SSH in place of Telnet
    5. Understand the ASA
    6. Enable optional security
    7. Keep the PIX OS and PDM patched
    8. Back up your configuration
    9. Use secure encryption
    10. Know your network

    Read more in detail here: Cisco PIX Firewall: Lock it down in 10 steps

    Most PIX Firewall models optionally support multiple outside or perimeter networks (also known as demilitarized zones, or DMZs). Connections between these networks are controlled by the PIX Firewall.

    A demilitarized zone (DMZ) is the most common and secure firewall topology, often referred to as a screened subnet. A DMZ is a separately protected network segment that sits between the Internet and your internal network. It will typically contain the following:

    • Web server
    • Mail server
    • Application gateway
    • E-commerce systems (It should contain only your front-end systems. Your back-end systems should be on your internal network.)
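    The following PIX OS 6.x configuration fragment is an added example, not taken from the post or from the TechRepublic article it links to. It ties several of the ten steps above (password protection, explicit access-lists, logging of denials, SSH instead of Telnet) to the screened-subnet topology just described: an outside, an inside, and a DMZ interface with a single web server exposed. All interface names, addresses, host names and the access-list name are made up for illustration; the placeholders in angle brackets must be replaced before use.

```text
! Added example PIX OS 6.x configuration; addresses and names are made up.
! Three interfaces: outside (security 0), inside (security 100), dmz (security 50).
! Traffic flows from higher to lower security level by default; anything
! inbound from outside must be allowed explicitly by an access-list.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.100.1 255.255.255.0

! Step 1: password protect the console and enable mode.
passwd <console-password>
enable password <enable-password>

! NAT/PAT: inside hosts share the outside interface address when going out.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

! Static translation so the DMZ web server has a fixed public address.
static (dmz,outside) 203.0.113.10 192.168.100.10 netmask 255.255.255.255

! Step 2: know your access-lists. Only HTTP and HTTPS to the web server
! are permitted inbound; the final line is an explicit deny that is logged.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list outside_in deny ip any any log
access-group outside_in in interface outside

! Step 3: log denials and errors to a syslog server on the inside network.
logging on
logging timestamp
logging trap warnings
logging host inside 10.0.0.50

! Step 4: SSH in place of Telnet. Only the inside management subnet may
! connect; no "telnet" line is configured, so Telnet stays disabled.
! (An RSA key must be generated first, e.g. "ca generate rsa key 1024".)
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 5
```

    Note that the fragment only shows the pieces relevant to the ten steps and the DMZ layout; a production configuration would also need hostname and domain-name settings for the RSA key, translation rules for inside-to-DMZ traffic, and the back-end systems (databases, application servers) kept on the inside interface rather than in the DMZ, as the list above recommends.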

    In 2005, Cisco introduced the newer Adaptive Security Appliance (ASA) firewall, which inherited many of the PIX's features, and in 2008 announced the PIX end-of-sale. I actually just found out about the discontinuation of the PIX firewall as I was doing some research for this blog post. However, the PIX technology is still sold in a blade, the FireWall Services Module (FWSM), for the Cisco Catalyst 6500 switch series and the 7600 Router series.

    Photo Credit: fzurell


    Conficker Worm – FYI (Alert!)


    The Conficker Worm is the latest buzz right now in IT security. Conficker, initially considered just a trojan but now classified as a worm, is said to be able to identify antivirus software and/or malware scanners running on the infected PC and to disable the applications it identifies.

    Side note: Trojan horses are files that claim to be something desirable but actually contain malicious code which, when triggered, causes loss or even theft of data. Worms, on the other hand, are programs that replicate themselves from system to system without the use of a host file. Worms spread from computer to computer, but unlike a virus, they can travel without any human action.

    Worm:Win32 Conficker - Photo Credit: Wikipedia

    Conficker, also known as Downup, Downadup and Kido, is a very sophisticated worm that surfaced in October 2008 and took advantage of a security hole in the Microsoft Windows operating system. It is also known by the following names:

    TA08-297A (other)
    CVE-2008-4250 (other)
    VU827267 (other)
    Win32/Conficker.worm.62976 (AhnLab)
    Trojan.Downloader.JLIW (BitDefender)
    Win32/Conficker.A (CA)
    Win32/Conficker.A (ESET)
    Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
    W32/Conficker.worm (McAfee)
    W32/Conficker.E (Norman)
    W32/Confick-A (Sophos)
    W32.Downadup (Symantec)
    Trojan.Disken.B (VirusBuster)

    So what does it do?

    Dong Ngo from CNET wrote:

    The hole affected all 32-bit and 64-bit Windows operating systems, even those with the latest service packs. The hole allowed the virus to infect the computer without any user interaction via the Internet, local network or USB thumb drives. Once infected, it stops the computer’s security services as well as the Windows update service and disables tools and software designed to remove it. Apart from that, the worm also allows the creator to remotely install other malicious code on the infected computer.

    Consequently, the worm is programmed to update itself from domains it randomly generates. By April 1, 2009, the number of domains the worm generates and contacts to find updates could grow to 50,000 a day. The owner of the virus only needs to use one of these domains to host the update. This makes it virtually impossible for authorities to track the source of the update.

    Now, what do we do?

    Applying the MS08-087 patch to Windows would have been sufficient initially, but unfortunately, it may not be that simple now. Antivirus applications are trying their best to keep up and provide solutions that will remove the malware, but as previously mentioned, those are being shut down by the worm. Still, I suggest regularly updating your antivirus software, especially as April 1st, the presumed date of worm activation, looms near.

    Michael Kassner wrote on TechRepublic:

    Officially, the only real resolution is to reformat and reload, especially since Conficker.C still resides at the application level. If the developers decide to bury the malware in the BIOS or SMM, it could get ugly.

    I would just suggest to constantly keep yourself updated for whatever developments experts will find so you would know what to do just in case.
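    One thing a network defender can do with the behaviour described above (a worm cycling through thousands of generated domains each day looking for an update) is to watch the resolver: an infected host stands out by the sheer number of distinct domains it asks for. The script below is an added example and is not part of the original post or of any vendor tool. It assumes a simple three-column resolver log format ("time client-ip queried-name") and a per-client threshold; both the format and the threshold are assumptions, and the log lines are constructed for illustration.

```python
"""Added example: flag clients that resolve an unusually large number of
distinct domains, the resolver-side signature of a host cycling through
generated domains. Log format and threshold are assumptions for illustration."""
from collections import defaultdict

# Constructed sample resolver log: "<time> <client-ip> <queried-name>".
# 10.0.0.11 behaves normally; 10.0.0.23 asks for many unrelated, random-looking names.
SAMPLE_LOG = """\
09:00:01 10.0.0.11 www.example.com
09:00:02 10.0.0.11 mail.example.com
09:00:05 10.0.0.11 update.example.net
09:00:07 10.0.0.23 qwfbzr.org
09:00:07 10.0.0.23 ytkqlpm.info
09:00:08 10.0.0.23 bvzxewq.com
09:00:08 10.0.0.23 kdjwrp.net
09:00:09 10.0.0.23 plmnzq.biz
09:00:09 10.0.0.23 www.example.com
09:00:10 10.0.0.23 hgdrqw.org
09:00:10 10.0.0.23 zqwplx.com
"""


def registered_domain(name):
    """Collapse a queried name to its last two labels (www.example.com -> example.com),
    so that many hosts under one legitimate domain count only once.
    This is a simplification; a real tool would use the public suffix list."""
    labels = name.strip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def distinct_domains_per_client(log_text):
    """Return {client_ip: number of distinct registered domains it queried}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip blank or malformed lines
            continue
        _time, client, qname = parts
        seen[client].add(registered_domain(qname))
    return {client: len(domains) for client, domains in seen.items()}


def flag_suspect_clients(log_text, threshold=5):
    """Return the clients whose distinct-domain count exceeds the threshold.
    The threshold is an assumed value for this small sample; in practice it is
    tuned per time window against the site's normal query volume."""
    counts = distinct_domains_per_client(log_text)
    return sorted(client for client, n in counts.items() if n > threshold)


if __name__ == "__main__":
    for client, n in sorted(distinct_domains_per_client(SAMPLE_LOG).items()):
        print(f"{client}: {n} distinct domains")
    print("suspect clients:", flag_suspect_clients(SAMPLE_LOG))
```

    The heuristic only narrows the list of hosts worth a closer look; a legitimate proxy or mail relay also resolves many domains, so the flagged hosts still need to be checked with an up-to-date scanner, as the post suggests.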

    Photo Credits: Wikipedia

    Network Security Basics


    Securing the network may include implementing technologies such as firewalls, VPNs, antivirus, and anti-spam software. These form the network's first line of defense. In addition, enterprises need a comprehensive approach that includes Access Control, Data Privacy, and Compliance.

    Firstly, in order to know what kind of security measures should be implemented, it is imperative that you know the network inside out. It is not possible to protect anything unless you clearly understand what you want to protect.

    Secondly, you need to understand the different threats, both from internal and external sources. They may be human-based, automated, or a natural phenomenon.

    Thirdly, physical security should be established; then network boundaries should be partitioned and protected with firewalls, and workstation firewalls should be put in place as well.

    For the enterprise security network, Access Control will include Authentication, Authorization, User Provisioning & Identity Administration, and Role Management.

    Authentication includes the use of passwords, token cards, and/or biometrics. Authorization policies should be centralized. User Provisioning & Identity Administration should be automated to prevent human errors. User roles/privileges should also be properly managed.

    Data Privacy will include encrypting data, classifying data based on sensitivity, and putting up access control lists. Adding a security layer to enterprise search results will additionally prevent access of confidential information.

    Automated compliance controls and processes, flexible enough to adapt to changing requirements, should be used to conform to governance and privacy regulations.

    Read these whitepapers for more detailed information:
    Security Inside Out
    Fundamental Principles of Network Security

    Photo Credits: Javier Aroche, JoePhoto

    Using Linux


    (This post is a modified version of a Multiply blog post I wrote on February 10th, 2008.)

    During the 2008 winter term, I was taking up a Unix/Linux course (COMP 1156) at George Brown College – Casa Loma campus. Here’s a little knowledge I’d like to share about what I learned in my first class.

    A little history about Linux:

    • Linux is a modern, free operating system based on UNIX standards.
    • First developed as a small but self-contained kernel in 1991 by Linus Torvalds, with the major design goal of UNIX compatibility.
    • Its history has been one of collaboration by many users from all around the world, corresponding almost exclusively over the internet.
    • It has been designed to run efficiently and reliably on common PC hardware, but also runs on a variety of other platforms.
    • The core Linux operating system kernel is entirely original, but it can run much existing free UNIX software, resulting in an entire UNIX-compatible operating system free from proprietary code.

    Using Linux as your operating system actually has many advantages:

    • Risk reduction
    • Meeting business needs
    • Stability and security
    • Different hardware platforms
    • Ease of customization
    • Ease of obtaining support
    • Cost reduction

    Risk reduction means that using open source software (OSS) products offers you the opportunity to change and maintain the source code yourself. Even if the market and consumer needs change frequently, you don’t really have to worry much about changing software. This would surely result in reduced costs in administration and upgrades. If you used closed source software, on the other hand, you would be taking on an additional financial burden.

    Red Hat Linux

    Linux is a system that meets a lot of business needs because it has different software available for different uses. It is also more stable and secure compared to closed source OSes like Windows, since bugs and security loopholes can be identified and fixed more quickly. The fact is that there are fewer viruses for Linux compared to Windows.

    There are also quite a number of different hardware platforms on which Linux can run, e.g. Intel, Macintosh, Itanium, Mainframe, Cirrus Logic, SPARC, and others. Linux is also easily customizable: you can compile a kernel that supports only what you need.

    Linux documentation, newsgroups, and user groups contribute to the ease of obtaining support, whenever you would have a problem. Here are some helpful sites:

    The Linux Documentation Project

    Red Hat Linux Manuals – This site seems to have disappeared now, though.

    I like programming and scripting but haven’t had the chance to do so lately. Sometimes I wish I took Computer Engineering instead of Electronics & Communications Engineering, but we’ll save that as another story for another day.

    How Schools Could Use Social Media


    This topic idea is taken from Chris Brogan’s 100 Blog Topics I Hope YOU Write About (No.12).

    When I was in university, social media wasn’t being really used that much. I mean, yes, students use them for personal use, like Friendster, Multiply, YouTube and instant messaging, but for the school itself, they didn’t really utilize it that much. That was in 2002 to 2007.

    Right now, social media is everywhere. Businesses, organizations, academic institutions, and just about everyone else uses social media. If you don’t use it, I’d say you are way behind with the times. The community and the world constantly change. Lots of new things are being developed and it is always good to know what these are so you will be able to know if you could use them as you continuously try to improve yourself and your organization.

    Let me talk about how I think schools could use social media. Firstly, I think the most important thing is that a school should have a website. With a website, its students, alumni, faculty will have easy access to general information including student registration, events and important announcements.

    However, just having a website is not enough. I have noticed that there are those who are satisfied with having the same content on their website for months, maybe even years. It is important that the school’s website content be regularly updated. Setting a regular schedule weekly or monthly, if not daily, would probably be sufficient. At least one event does happen every month after all, right?

    A Wikipedia page would be helpful as well. In addition to a website, I’d say an online forum will be a great addition. This will be a great venue for students to speak out their concerns to the administration, the student government, the student clubs, or any other relevant groups or purpose.

    Speaking of a venue for students, faculty, and administration to connect and interact, a Facebook group would be great, too. Many students are already on it; all it needs is a common place in it where they could all gather.

    Another idea is the use of video-streaming or even just regular online video. According to Mary O’Malley, executive producer of University of New South Wales’ YouTube channel, “This is a vehicle for communicating research and selected teaching material and is part of an overall strategy of publishing content where it can be most easily accessed.”

    Richard Buckland, a computer science lecturer at UNSW, has used YouTube as his classroom, allowing students to earn college credit. This strategy may work for some schools, while for others it may not. It all depends on the situation each school faces.

    One last thing, email is also important. Sending out newsletters or regular communications through email would also be a good idea for schools to implement. With this, students will be informed directly even if they do not use all the other social media.

    I’m definitely not an expert in social media, but I just wanted to share my thoughts on this and I am always open to more ideas.