After a while I decided to browse to see if there is any article of interest and ended up in IP Journal (Cisco’s). In this edition there is a fairly neat and to-the-point explanation of IP spoofing. For someone who is just coming to security, which is the case for a lot of guys I know, this would be a good read.
Especially the section on the methods (not very effective) we can use to identify IP spoofing. In most cases asymmetric routing gets in the way if we try to identify spoofing by IP traceback, which would then falsely identify legitimate traffic as spoofed!
A good read overall [ Here ]
Transparent firewalls are definitely a great enhancement to the traditional firewall arena, for the very reason that their presence is not revealed.
A simple article describing the advantages of having one in such a mode … Read More…
One of the other reasons I like Juniper Netscreen firewalls is the same again: all of the models can work as transparent-mode firewalls (and it doesn’t come with the drawback that you can’t have a VPN on it; I thought so too, but these firewalls also allow you to build a VPN while in transparent mode).
If you’re one of those who *know* the basics but haven’t thought about it in action since you AREN’T a hacker, you would love this paper.
ARP spoofing isn’t a new thing in the attack world, but the paper gives some insight into what you already know but haven’t seen in any form. Another good read from SANS.
[Click Here]
Happy Reading…..
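As an added illustration (my own example, not code from the SANS paper or this blog) of the defender's side of ARP spoofing: a passive monitor that watches ARP replies on a segment and alerts on the two symptoms a poisoning attempt produces, an IP whose MAC binding suddenly changes and a single MAC that claims several IPs. The sample replies, the addresses and the MAC values are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a passive monitor on the segment would
# log them: (timestamp, sender_ip, sender_mac, target_ip). Not a real capture.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1",  "00:11:22:33:44:01", "192.168.1.50"),
    (2.0, "192.168.1.20", "00:11:22:33:44:20", "192.168.1.50"),
    (3.0, "192.168.1.1",  "00:11:22:33:44:01", "192.168.1.50"),
    # From here one MAC starts answering for both the gateway and .20,
    # the pattern a defender expects to see during a poisoning attempt.
    (4.0, "192.168.1.1",  "de:ad:be:ef:00:99", "192.168.1.50"),
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99", "192.168.1.50"),
]


class ArpWatcher:
    """Tracks IP-to-MAC bindings seen in ARP replies and raises an alert when
    a binding changes or when one MAC claims more than one IP address."""

    def __init__(self, static_bindings=None):
        # Bindings supplied up front (e.g. the gateway) are treated as trusted
        # and are never overwritten by what is seen on the wire.
        self.ip_to_mac = dict(static_bindings or {})
        self.mac_to_ips = defaultdict(set)
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips[mac].add(ip)
        self.alerts = []

    def observe(self, ts, sender_ip, sender_mac, target_ip):
        known = self.ip_to_mac.get(sender_ip)
        if known is None:
            self.ip_to_mac[sender_ip] = sender_mac  # first sighting: learn it
        elif known != sender_mac:
            # The first-seen (or static) binding stays the trusted one.
            self.alerts.append((ts, "ip-mac-change", sender_ip, known, sender_mac))
        if sender_ip not in self.mac_to_ips[sender_mac]:
            self.mac_to_ips[sender_mac].add(sender_ip)
            if len(self.mac_to_ips[sender_mac]) > 1:
                claimed = sorted(self.mac_to_ips[sender_mac])
                self.alerts.append((ts, "mac-claims-multiple-ips", sender_mac, claimed))


def scan_arp_log(replies, static_bindings=None):
    """Feed a sequence of replies through a watcher and return its alerts."""
    watcher = ArpWatcher(static_bindings)
    for ts, ip, mac, target in replies:
        watcher.observe(ts, ip, mac, target)
    return watcher.alerts


if __name__ == "__main__":
    for alert in scan_arp_log(SAMPLE_ARP_REPLIES):
        print(alert)
```

The same two alerts also fire for legitimate events (a replaced NIC, DHCP handing an address to a new host, an HA pair failing over), so in practice the watcher is fed a static map of the hosts that matter most, such as the gateway, and its alerts are correlated with change records before anyone acts on them.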
Egress filtering is often forgotten, since the theory in enterprises is ‘allow everything from my internal network to go outside’, and by default nothing will be allowed back into the internal network from the Internet. This seems to make a lot of people happy about their networks; nevertheless, while it is good and needed for certain scenarios, it is not ‘the best solution’.
This paper describes egress filtering, and I would highly recommend everybody take a look at it:
[Click to redirect to the article]
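To tie the egress-filtering paper back to the IP-spoofing post above, here is an added example of my own (not code from either paper) of the two source-address checks a border device can run: an egress rule that only lets packets out whose source belongs to our own prefixes, and a reverse-path check on inbound packets that shows why asymmetric routing turns a legitimate packet into a false positive when the check is strict. The prefixes, routing table, interface names and packets are a hypothetical topology constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical border-router view, constructed for this example.
# Address blocks that belong to our own network; anything else as the source
# of an outbound packet is spoofed or misrouted and must not leave.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Routing table as {prefix: interface the router uses to reach it}. The
# 172.16.0.0/12 partner network is reached via eth1, but with asymmetric
# routing its packets can legitimately arrive on eth2.
ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "eth0",
    ipaddress.ip_network("192.168.0.0/16"): "eth0",
    ipaddress.ip_network("172.16.0.0/12"): "eth1",
}


@dataclass
class Packet:
    src: str
    dst: str
    in_iface: str


def egress_allowed(pkt):
    """Egress filter: let a packet out only if its source is one of ours."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in INTERNAL_PREFIXES)


def reverse_path_ok(pkt, strict=True):
    """Source-verification check for inbound packets. Strict mode demands the
    packet arrived on the interface the router would use to reach its source;
    loose mode only demands that some route back to the source exists."""
    src = ipaddress.ip_address(pkt.src)
    candidates = [net for net in ROUTES if src in net]
    if not candidates:
        return False  # no route back at all: unroutable or bogus source
    best = max(candidates, key=lambda net: net.prefixlen)  # longest match
    return ROUTES[best] == pkt.in_iface if strict else True


def classify_inbound(pkts, strict=True):
    """Label each inbound packet 'ok' or 'suspect-spoof' under the chosen mode."""
    return [(p.src, p.in_iface, "ok" if reverse_path_ok(p, strict) else "suspect-spoof")
            for p in pkts]


if __name__ == "__main__":
    outbound = [Packet("10.1.2.3", "198.51.100.7", "eth0"),
                Packet("203.0.113.5", "198.51.100.7", "eth0")]
    for p in outbound:
        print("egress", p.src, "allowed" if egress_allowed(p) else "dropped")
    inbound = [Packet("172.16.5.5", "10.1.1.1", "eth2"),    # asymmetric but legitimate
               Packet("198.51.100.9", "10.1.1.1", "eth1")]  # no route back at all
    for mode in (True, False):
        print("strict" if mode else "loose", classify_inbound(inbound, strict=mode))
```

Run as-is, the strict pass marks the 172.16.5.5 packet arriving on eth2 as a spoof even though it is genuine traffic on an asymmetric path, while the loose pass accepts it and still rejects the source with no route back; that is the trade-off the IP Journal article is pointing at when it calls these identification methods not very effective.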
Some time back, when I was testing the Cisco IDS system at a Cisco Offshore Development Center, I often felt like we are in an era of ‘converged solutions’, but often the elements are not converged at all.
A distributed Intrusion Detection/Prevention System should be able to manage itself to a larger extent on the operational side and should leverage the functionality of assessments to the Network Security Auditor.
The article is a mix of ideas I brooded over and published at SecurityDocs.
[Click to redirect to the article]
“Any activity cannot be managed if it cannot be measured…” One of the things I love about this is that it is such a striking quote! It conveys a lot in a single sentence, and I believe it is true.
Shirley C. Payne writes about ‘Security Metrics’ at Sans.org, a high-level guide to an approach for defining the process and how it can be started off. Any company can start a program like this if you really care about your management, since it gives you the measurement.
[Click to redirect to the article]
It is a great feature enhancement we have now, the so-called ‘transparent firewalls’: a firewall that works at Layer 2.
Advantages? Just plug it into the network; nobody will even know that there is a firewall sitting in between filtering packets, since there are no IP addresses involved and so no routing either…
Transparent, Bridging Firewalls
So if you are new to this, take a peek and have fun… Though it is not a paper that covers the ins and outs of the technology, it kinda gives you an overview. Industry leaders like Cisco (PIX Firewall) & Juniper (Netscreen Firewall) already have commercial products in the game…
[Click to redirect to the article]
I’ve been in the habit of reading technical papers (one a day, sounds like a tablet). I believe it would be a good idea to keep all of them in one place, and so: ‘Paper Of The Day’.
Hardening the TCP/IP stack to mitigate/handle SYN attacks
The paper brings in an interesting list of parameters that can be tuned/altered to protect servers from SYN flood attacks. Now, it doesn’t necessarily mean that it will protect you cent percent, but after tuning, the server will manage to survive a little better than with the default configuration. The author has chosen to explain and give examples on RH Linux 7.3, Windows 2000, Sun Solaris 8 and HP-UX 11.0.
It is quite interesting that although these parameters are there, still a lot of servers (esp. web servers) are deployed with the default configuration! Tweaking these settings isn’t ‘Rocket Science’, especially when you have documentation like this by good authors…
[Click to redirect to the Article]
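Since the point of the paper is that the knobs exist but nobody turns them, here is an added example of my own (not the paper's table, and not code from this blog) of how I would audit a Linux box against a SYN-flood baseline: parse `sysctl -a` style `key = value` output, compare the three Linux SYN-queue parameters against target values, and render the corrected settings as sysctl.conf lines. The parameter names are real Linux sysctls; the sample output and the target thresholds are my own assumptions for the example, not figures from the paper, and the Windows, Solaris and HP-UX parameters the paper also covers have different names and are not handled here.

```python
# Constructed sample in the "key = value" form that `sysctl -a` prints on
# Linux. These are default-looking values made up for the example.
SAMPLE_SYSCTL_OUTPUT = """\
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5
net.ipv4.ip_forward = 0
"""

# My own hardening baseline (an assumption for this example, not the paper's
# recommended figures). Each entry: (comparison, target, why it matters).
SYN_BASELINE = {
    "net.ipv4.tcp_syncookies":
        ("eq", 1, "answer SYNs without keeping queue state once the backlog fills"),
    "net.ipv4.tcp_max_syn_backlog":
        ("ge", 1024, "more half-open slots before the SYN queue overflows"),
    "net.ipv4.tcp_synack_retries":
        ("le", 2, "give up on unanswered SYN-ACKs sooner, freeing slots faster"),
}


def parse_sysctl(text):
    """Turn `key = value` lines into a dict; lines without '=' are skipped."""
    settings = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit_syn_settings(settings, baseline=SYN_BASELINE):
    """Return one finding per parameter that is missing or weaker than the
    baseline: (key, status, current, target, why)."""
    findings = []
    for key, (op, target, why) in baseline.items():
        raw = settings.get(key)
        if raw is None:
            findings.append((key, "missing", None, target, why))
            continue
        current = int(raw)
        ok = {"eq": current == target,
              "ge": current >= target,
              "le": current <= target}[op]
        if not ok:
            findings.append((key, "weak", current, target, why))
    return findings


def hardened_config(baseline=SYN_BASELINE):
    """Render the baseline as lines suitable for /etc/sysctl.conf."""
    return "\n".join(f"{key} = {target}" for key, (_, target, _) in baseline.items())


if __name__ == "__main__":
    current = parse_sysctl(SAMPLE_SYSCTL_OUTPUT)
    for key, status, now, want, why in audit_syn_settings(current):
        print(f"{status:7} {key}: current={now} target={want}  ({why})")
    print("\n# corrected settings:\n" + hardened_config())
```

On a real host the input would come from `sysctl -a` (or from reading `/proc/sys/net/ipv4/` directly); the audit reports each default as weak next to the target value, and the rendered config is what the paper's tuning step amounts to on the Linux side.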