Archive for July, 2008

We Mourn!

July 26th, 2008 rsivanandan No comments

There were 8 blasts in Bangalore, the IT hub of India, yesterday, and today there are 16 more in Ahmedabad, Gujarat. 1 person in Bangalore and more than 15 in Gujarat lost their lives in these, while hundreds are injured.

So much for growth and culture; we don’t speak human anymore. We don’t like to debate or discuss anymore; all issues are resolved with explosives. SH*T heads!

Let’s pray for the departed souls, and may this mayhem come to a halt soon.

While everybody knows about the centralized forces that tackle such situations in countries like the USA, it is hardly known whether we even have a centralized investigation mechanism in India. Probably we should start seriously looking at internal issues first?

Categories: Life in general

Free Read – Magazines

July 21st, 2008 rsivanandan No comments

mygazines

Came to know about this from another blog which I read; this site seems to have a good list of magazines that are free to read (I mean all sorts :-) ).

Categories: Life in general

Policy Based Authentication / Authentication Proxy in Juniper Firewalls

July 17th, 2008 rsivanandan 2 comments

One of the features you can achieve using rules in policies on a Juniper Firewall is conditional pass-through of traffic. What I mean by that is: first authenticate the user, and only then allow or disallow the traffic, depending on whether that user should reach what he is trying to access. As an example:

set policy id 1 from Trust to Untrust any any HTTP permit log

The above command would allow any user from the Trust zone to access HTTP resources on the Untrust side of the firewall. Now say I want to allow only one user. In that case I can set up an authentication step prior to allowing that connection, in the same *ONE* line policy, as below. For the example I’m going to use a ‘user’ created locally on the firewall; however, integration with an external authentication server is very well supported in Juniper Firewalls.

set user <username> password <password>

set user <username> enable

set policy id 1 from Trust to Untrust any any HTTP permit auth user <username> log

The above 3 lines do the job for you. As you know, multiple services and multiple users can go into a single rule. Only after the authentication succeeds is the user allowed to access the resource. A very simple approach!

The following is a working example screenshot of a telnet session with double authentication (one on the firewall and the other on the actual telnet server).

A Telnet Session using Policy Based Authentication (Red box displays the first level of auth done at firewall, Blue box displays the actual telnet authentication)


The relevant firewall configuration used for this is as below;

set user rsivanandan password password
set user rsivanandan enable

set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "TELNET" permit auth server "Local" user "rsivanandan" log

What is the advantage of this? I’ve seen environments where the same username is used by different persons in the organization to log in and access data. There, we have only one authentication method and there is no way of finding out who actually logged in. If Policy Based Authentication is implemented, access can be controlled per person, especially if the username/password used in the firewall policy is integrated with an external user database.

Then we know who accessed the data last: ACCOUNTABILITY.
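As an added illustration (not the post’s or Juniper’s code), the following Python audits a ScreenOS-style policy list for the accountability gap described above: it flags permit policies that carry no auth clause, that reference a user who was never enabled, or that drop logging. The sample configuration is constructed for the example, and the patterns assume only the two ‘set policy’ spellings shown in this post.

```python
import re

# Constructed sample modelled on the post's ScreenOS syntax, not the author's config.
SAMPLE_CONFIG = """\
set user rsivanandan password password
set user rsivanandan enable
set user contractor password password
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "TELNET" permit auth server "Local" user "rsivanandan" log
set policy id 2 from Trust to Untrust any any HTTP permit log
set policy id 3 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log
set policy id 4 from "Trust" to "DMZ" "Any" "Any" "FTP" permit
set policy id 5 from "Trust" to "DMZ" "Any" "Any" "SSH" permit auth server "Local" user "contractor" log
"""

# Accepts both the quoted and the unquoted "set policy" forms used in the post.
POLICY_RE = re.compile(
    r'^set policy id (?P<id>\d+) from "?[^"\s]+"? to "?[^"\s]+"?'
    r'(\s+"?[^"\s]+"?){3}\s+(?P<action>permit|deny)(?P<rest>.*)$'
)
USER_ENABLE_RE = re.compile(r'^set user "?([^"\s]+)"? enable$')

def parse_policy(line):
    """Return (id, action, has_auth, auth_user, has_log), or None for other lines."""
    m = POLICY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")  # everything after permit/deny: auth, server, user, log
    user = re.search(r'\buser "?([^"\s]+)"?', rest)
    return (int(m.group("id")), m.group("action"),
            re.search(r"\bauth\b", rest) is not None,
            user.group(1) if user else None,
            re.search(r"\blog\b", rest) is not None)

def audit_policies(config_text):
    """List (policy id, reason) for permit policies that weaken accountability."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    enabled = {m.group(1) for m in map(USER_ENABLE_RE.match, lines) if m}
    findings = []
    for line in lines:
        p = parse_policy(line)
        if p is None or p[1] != "permit":
            continue  # deny rules and non-policy lines need no auth
        pid, _, has_auth, auth_user, has_log = p
        if not has_auth:
            findings.append((pid, "permit without auth: user is not individually identified"))
        elif auth_user and auth_user not in enabled:
            findings.append((pid, "auth user '%s' is not enabled" % auth_user))
        if not has_log:
            findings.append((pid, "permit without log: no record of who accessed the resource"))
    return findings
```

Running `audit_policies(SAMPLE_CONFIG)` reports policy 2 (no auth), policy 4 (no auth and no log) and policy 5 (auth user never enabled), while the deny rule and the post’s own policy 1 pass.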

Categories: Juniper

Juniper’s EX Switches rock!

July 15th, 2008 rsivanandan No comments

Juniper’s newly launched EX Series switch underwent industry-conformance testing in an evaluation at Network World:

The verdict: This is one fast box. The EX 4200 delivered line-rate throughput in every case, the only switch we’ve tested this year to do so. What’s more, 10G Ethernet latency is the lowest we’ve ever measured. We also were impressed by the EX 4200’s feature set and powerful JUNOS command-line interface (CLI).

Further Read – Full set of tests run against the switch…

Categories: Juniper, Tech in general

Mixed Mode Configuration of Juniper Firewalls

July 12th, 2008 rsivanandan 4 comments

Juniper Firewalls can be configured in NAT/Route mode or Transparent mode, in simple terms L3 or L2 mode.

L3 :: Pure route mode, where all the interfaces carry IP addresses and routing is run.

L2 :: Pure layer-2 mode, where all the interfaces pass traffic through and carry no IP addresses.

There is a 3rd mode which can be configured: Mixed Mode. It fits when the situation demands that one of the networks be in transparent mode while the others are in NAT/Route mode.

A typical example is when you have the firewall connected to different networks and at the same time want 2 of its ports to receive DHCP-assigned IP addresses (I have this config at my desk, since I maintain a VPN network for testing. On the other hand, on my desk I have my laptop and desktop, both of which get corporate DHCP-leased IP addresses. So I have configured the SSG-20 in this mode).

set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2

The above is connected to a network which is routed.

set interface "bgroup1" zone "V1-Trust"
set interface bgroup1 port ethernet0/0
set interface bgroup1 port ethernet0/3
set interface bgroup1 port ethernet0/4

The above is connected to a network which is transparent:

ethernet0/0 is connected to corporate network
ethernet0/3 is connected to Desktop
ethernet0/4 is connected to Laptop

So both the laptop and the desktop get IP addresses leased from the corporate DHCP server (bgroup1 acts as transparent).

Categories: Juniper

Google’s Web Security Tool

July 2nd, 2008 rsivanandan No comments