Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto.
Intoto, a provider of security software for enterprise network equipment and CPE gateways, last week at Interop, introduced a stand-alone intrusion-prevention system (IPS) application that the company says will help small and midsize companies looking for enterprise-scale security tools.
The Now User Filtering Works (NuFW) team has announced the initial release of the 2.2 stable branch. NuFW is a user-authenticating firewall that runs on top of the the Netfilter framework. This release includes several new features, including complete support for IPv6.
Source: Arstechnica.com - Posted by Benjamin D. Thomas
Two months ago, we published Everything you need to know about IPv6, telling you the following about firewalling IPv6 in relationship to the Network Address Translation that is common in today's IPv4 home routers.
If you have a router or home gateway that supports IPv6, make sure that it, too, filters IPv6. A stateful filter that allows outgoing connections and return traffic, but not incoming connections is closest to the IPv4 NAT filtering functionality.
This is in line with the recommendations in a document that the Internet Engineering Task Force's IPv6 Operations (v6ops) working group is developing:
AlgoSec announced its latest version which provides a web-user interface to ensure policy compliance and maximize network efficiency. AlgoSec Firewall Analyzer solutions provide risk management, change management, automated audit, and security and policy compliance capabilities in easy to deploy and use offerings. AlgoSec’s solutions do this by delivering unmatched analysis, visibility and intelligence into an enterprise’s firewall configuration and policy.
Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced that the new VPN-1® Power NGX R65, an integrated firewall, VPN and intrusion prevention gateway, has successfully set a significant new industry performance standard for combined firewall and intrusion prevention speeds through an open server: 12 Gigabits per second (Gbps) for firewall throughput and up to 5.1 Gbps intrusion prevention throughput.
Between the latest firewall technology and advanced intrusion detection systems, IT professionals are breathing a little easier. This is a big mistake. It may be easier to protect the network from external attack these days, but the greatest security risks still come from inside the DMZ. I work for a small, single-branch credit union in Minneapolis, and I am a one-man shop. If there's a technical problem, I'm the guy who has to fix it. Once a year, auditors from a large accounting firm come in to perform an audit for our year-end financial statements. In the past, the only tech support I needed to provide was to set up a local printer they could use from their laptops. I couldn't have given them access to my network if I wanted to, as their techs had their laptops locked down, and I couldn't make any changes to their setup.Write Comment
Computer Associates, a business software vendor will market a 'host-based' firewall that learns-by-example to provide better security of computers and computer networks, the company said. The firewall provides centrally managed computer security and simplifies deployment on Windows systems, the company said.
Most major Linux distributions, SuSE ones included, feature some user interface for firewall configuration. There's nothing wrong with them but I couldn't get quite the configuration I wanted and chose to create configurations manually. The iptables man pages are really a documentation of syntactical detail of the iptables command line and don't provide guidance on composition of a firewall from a series of rules. There's a lot of scattered information about iptables that can be found using your favourite search engine but none of it quite taught me what I needed to know. In the end I figured out what I needed using a Vmware virtual machine running SuSE Linux Pro 10.0. The following is offered as documentation of simple firewall configuration using iptables. Verifying that the resultant firewall adequately secures the relevant hosts is left as an exercise for the reader.
Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks.
After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation.
Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.
All ports were open to the world and practically every application had holes in it. It was like the Wild West. Eventually application security became a big deal as more serious issues were uncovered and more commerce depended upon secure platforms. Network security was next on the scene. It made sense to build a single choke point for all security needs. It was slick because it could see all the packets in transit to and from your servers, and turn off all access to anything that had a known hole in it. Those were the good times. Times have since changed.
