Archive | Security

Security in general, and specific network security products

Complexity vs Security

Many of the ‘security’ measures in our networks add complexity. That may be an acceptable tradeoff, if we make a meaningful difference to security. But often it feels like we just add complexity for no real benefit. Here are some examples of what I’m talking about: Multiple Firewall Layers: Many networks use multiple layers of firewalls. If […]


Andrisoft Wanguard: Cost-Effective Network Visibility

Andrisoft Wansight and Wanguard are tools for network traffic monitoring, visibility, anomaly detection and response. I’ve used them, and think that they do a good job, for a reasonable price. Wanguard Overview There are two flavours to what Andrisoft does: Wansight for network traffic monitoring, and Wanguard for monitoring and response. They both use the […]


Using Firewalls for Policy Has Been a Disaster

Almost every SDN vendor today talks about policy, how they make it easy to express and enforce network policies. Cisco ACI, VMware NSX, Nuage Networks, OpenStack Congress, etc. This sounds fantastic. Who wouldn’t want a better, simpler way to get the network to apply the policies we want? But maybe it’s worth taking a look […]


Shellshock: One Month On

Shellshock was released a little over a month ago, to wide predictions of doom & gloom. But somehow the Internet survived, and we lurch on towards the next crisis. I recently gave a talk about Shellshock, the fallout, and some thoughts on wider implications and the future. The talk wasn’t recorded, so here’s a summary […]


Disappointed With Check Point

I have recently started working with Check Point products again, after a 5-year break. This has given me a different perspective on how they are progressing. It has been disappointing to see that they’re still suffering from some of the same old bugs. Some of the core functionality is now showing its age, and is no longer appropriate […]


CloudFlare: That Was Easy

I switched this blog over to using CloudFlare a few days ago. It’s all been pretty painless, and I highly recommend it to others. What is CloudFlare, and Why Use It? CloudFlare “protects and accelerates any website online.” It does this by acting as a reverse proxy, sitting between end-users and your website. All traffic to your […]


War Stories: Check Point Meltdown

Firewalls are usually deployed as a cluster, to provide failover capabilities. Protocols such as VRRP are used so that traffic is normally routed via one node, but if that node fails, the other one automatically takes all traffic. Connection synchronisation ensures that the backup firewall is always aware of all active sessions, so that a […]


Kiwicon 7

Kiwicon 7 has just wrapped up in Wellington, New Zealand. Kiwicon is “New Zealand’s own Hacker Conference.” It’s a top-notch event that’s been running for 7 years now, and highly recommended for anyone in New Zealand with even a vague interest in IT Security. I’ve been to at least 4 editions of Kiwicon now, and I […]
