Pay it forward: Firewall Log Monitoring

In yesterday’s post in this series I talked about firewall best practices and mentioned automatically parsing the logs. Today’s post is a lengthy examination of how I’ve done that in the past. The system was crude but extremely effective and efficient. As I mentioned yesterday, it has the potential to alert you to zero-day compromises in your network.

« Read the whole series: 1,2,3,4,5,6 »

Pay it forward: Firewall tips

Here are some tips for managing your firewalls. Just having a firewall isn’t enough. You have to maintain the firewall. You have to monitor the logs. And you have to track changes made to the firewall.

Michael Farnum took it a step further in his tip-of-the-day by proposing an extra layer of protection for the ports you do allow out of your network, by using a proxy.

As a side note, I’m used to working with firewalls that have an implicit “deny all” at the end of each ACL, so I normally start my ACLs with explicit denies of P2P and IRC, followed by permits of legitimate traffic. However, he makes a good point that, to be thorough, you should end your ACLs with a clean-up rule of ‘deny all any to any’.
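To make the ordering point concrete, here is an added example (not code from the original post) that models first-match ACL evaluation in Python: explicit denies for P2P and IRC first, then permits for legitimate traffic, then the clean-up ‘deny all any to any’. The address ranges, rule names and port ranges are constructed for illustration and are assumptions, not values from the post. The example also shows why the clean-up rule matters operationally: a hit on the named clean-up rule is logged and attributable, whereas an implicit deny on many platforms produces no log line at all, and it shows how placing a broad permit ahead of the denies silently defeats them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple, Union

PortSpec = Union[int, Tuple[int, int], str]  # exact port, (lo, hi) range, or "any"


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    dport: PortSpec
    name: str      # used for logging which rule fired


def _match_net(pattern: str, addr: str) -> bool:
    return pattern == "any" or ip_address(addr) in ip_network(pattern)


def _match_port(pattern: PortSpec, port: int) -> bool:
    if pattern == "any":
        return True
    if isinstance(pattern, tuple):
        lo, hi = pattern
        return lo <= port <= hi
    return port == pattern


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First-match evaluation, as firewalls process ACLs: the first rule that
    matches decides, later rules are never consulted. If nothing matches we
    return the platform's implicit deny, which typically generates no log."""
    for rule in acl:
        if (rule.proto in ("any", proto)
                and _match_net(rule.src, src)
                and _match_net(rule.dst, dst)
                and _match_port(rule.dport, dport)):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed internal range and illustrative port ranges (assumptions).
INSIDE = "10.0.0.0/8"
OUTBOUND_ACL = [
    Rule("deny",   "tcp", INSIDE, "any",          (6881, 6999), "deny-bittorrent"),
    Rule("deny",   "tcp", INSIDE, "any",          (6660, 6669), "deny-irc"),
    Rule("permit", "tcp", INSIDE, "any",          80,           "permit-http"),
    Rule("permit", "tcp", INSIDE, "any",          443,          "permit-https"),
    Rule("permit", "udp", INSIDE, "10.0.0.53/32", 53,           "permit-dns"),
    Rule("deny",   "any", "any",  "any",          "any",        "cleanup-deny-all"),
]

# Same rules without the clean-up line: denied traffic falls to the implicit deny.
NO_CLEANUP_ACL = OUTBOUND_ACL[:-1]

# Misordered: a broad permit placed before the explicit denies swallows them.
MISORDERED_ACL = [Rule("permit", "tcp", INSIDE, "any", "any", "permit-all-tcp")] + OUTBOUND_ACL


def log_line(acl: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """Render the verdict the way a syslog-style firewall message would, so the
    monitoring script from the series has a rule name to key on. Returns an
    empty string for the implicit deny, mirroring platforms that do not log it."""
    action, name = evaluate(acl, proto, src, dst, dport)
    if name == "implicit-deny":
        return ""
    return f"{action.upper()} rule={name} {proto} {src} -> {dst}:{dport}"


if __name__ == "__main__":
    flows = [("tcp", "10.1.2.3", "203.0.113.5", 6667),   # IRC
             ("tcp", "10.1.2.3", "203.0.113.5", 443),    # HTTPS
             ("tcp", "10.1.2.3", "203.0.113.5", 25)]     # SMTP, not permitted
    for acl_name, acl in (("ordered", OUTBOUND_ACL), ("no-cleanup", NO_CLEANUP_ACL),
                          ("misordered", MISORDERED_ACL)):
        for flow in flows:
            print(f"[{acl_name}] {flow} -> {evaluate(acl, *flow)}  log={log_line(acl, *flow)!r}")
```

Running the script shows the same IRC flow denied by the named rule in the ordered ACL, denied with no log entry when the clean-up line is missing and the flow falls through to the implicit deny (for SMTP here), and permitted outright in the misordered ACL. The log line carrying `rule=cleanup-deny-all` is exactly the kind of record the log-parsing approach in the next post can count per internal host.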

Now on to the tips:


Pay it forward: Blocking applications in AD

The ISC posted a great article about collaborating and sharing within the security community. I think that’s a great idea so this week I’m doing a series I’m calling “pay it forward” (because I don’t like their term ‘out-sharing’).

Michael Farnum over at An Information Security Space is also doing a security tip-a-day this week. We’re hoping to get something started with security bloggers sharing information and tips. Today he blogs about auditing passwords (white-hat-speak for password cracking). I especially like his method of policy enforcement!

