Sep 14 2023

Next-Gen Email Firewalls: Beyond Spam Filters to Secure Inboxes Checklist

Category: Email Security, next generation firewall | disc7 @ 9:56 am

Email communication is still widely used as an attack vector despite the ever-changing nature of cyber threats.

The vast number of people who use it for communication daily, both professionally and personally, makes it a tempting target.

Cybercriminals are becoming more skilled at using malicious email campaigns in line with the growth of advanced technologies and increased security measures taken by businesses.

VIPRE Security found that 85.01% of phishing emails had harmful links inside the message body, and the volume of spam emails increased by 30.0% from the first to the second quarter of 2023.

In addition, phishing attacks against IT companies are now more common (14%) than against financial institutions (9%).

The Limitations of Traditional Spam Filters

Conventional spam filters rely on static rule-based systems with predetermined criteria or known dangerous signatures to identify emails as spam.

Their strict compliance with predetermined policies leaves companies vulnerable to ever-evolving cyberattacks. These filters rely too much on signature-based detection, making them vulnerable to zero-day threats and unable to protect against recent or modified malware. 

They can’t detect hidden risks like spear phishing since they don’t have advanced behavioral analysis. In addition, without sandboxing capabilities they cannot examine potentially harmful content in isolation.

As a result, the ever-evolving and complicated nature of cyber threats makes their traditional approaches ineffective.

You can understand and diagnose email issues using Trustifi’s Email Header Analyzer Tool.

What are Next-Gen Email Firewalls?

Next-Generation Email Firewalls are the latest technologies for protecting against malicious emails. To quickly prevent new threats, such as zero-day vulnerabilities, these systems interact with real-time threat intelligence feeds, unlike traditional spam filters, which depend primarily on static rules. 

They scan content in depth, including emails, embedded URLs, and attachments. Sandboxing is essential since it allows testing of potentially harmful information in a secure environment.

Advanced systems use machine learning and behavioral analytics to identify complex phishing attacks. These firewalls use authentication protocols like DMARC, DKIM, and SPF to prevent spoofing and verify email senders.

In addition, they have measures to prevent sensitive information from being accidentally leaked. These solutions, which are frequently cloud-native, provide a robust and complex approach to email security while scaling efficiently and integrating smoothly with existing security infrastructure.

How do Next-Gen Email Firewalls Protect Your Inbox?

Advanced Threat Intelligence – The use of real-time threat intelligence helps to identify and prevent emerging attacks, such as those that exploit zero-day flaws, as soon as they appear.

Deep Content Inspection – Rather than simply scanning the email’s information, these firewalls read the message in full, including any embedded URLs or files attached, to discover any hidden risks.

Sandboxing – To prevent viruses and malware from reaching their intended recipients, suspicious attachments and URLs are opened in a safe, isolated environment.

Behavioral Analytics – These firewalls may identify spear-phishing initiatives by learning the sender’s typical activity patterns and comparing them to suspicious emails that appear to be from the same sender but act differently.

Identity Verification – Using authentication methods like DMARC, DKIM, and SPF, these tools verify that each email is genuine and comes from a known source, protecting users from spoofing and phishing attempts.

Data Loss Prevention (DLP) – Besides inbound threats, they monitor outgoing emails to prevent sensitive material from being transmitted without authorization or violating regulations.

Machine Learning – Many modern firewalls use machine learning to “learn” from the attacks they block and better detect various threats over time.

Next-Gen Email Firewalls vs. Traditional Email Security

Next-Gen Email Firewalls | Traditional email security
Quickly adapt to new threats by using real-time threat intelligence. | It uses a static collection of threats and patterns to make decisions.
Emails, URLs, and attachments are all put through an extensive content analysis. | Metadata and simple patterns are the primary areas of security inspection.
Uses content isolation technologies (sandboxes) to investigate potentially harmful data. | Doesn’t have a sandboxing environment.
Utilizes machine learning and behavioral analytics for real-time threat assessment. | Depends on predetermined guidelines rather than monitoring user activity.
Designed specifically for use in the cloud, which safeguards today’s remote workforces. | Less flexible with cloud integrations; works best in local installations.
The sophisticated analysis and learning capabilities have resulted in fewer false positives. | There is an increase in false positives because of the inflexibility of rule-based systems.

Countering Sophisticated Email Threats with Next-Gen Email Firewalls

The importance of Next-Generation Email Firewalls in preventing modern email threats cannot be overstated.

These modern firewalls utilize real-time threat intelligence to detect and neutralize recent security risks instead of the static rules used by older systems.

They investigate thoroughly, looking at every aspect of the email, from the subject line to the attachments. Sandboxing is a technique to test malicious code in a safe, restricted setting.

Unusual behaviors, such as those used in spear phishing or impersonation, can be detected via machine learning.

In addition, email spoofing may be prevented using sender authentication methods such as DMARC, DKIM, and SPF.

By authenticating the sender’s identity and confirming the accuracy of the received messages, these procedures act as the first line of protection against email-based threats.

SPF aims to improve email security by limiting the possibility that an unauthorized sender

In DKIM, the transmitting server gives each email a unique DKIM signature generated using a private key. The DNS records of the sender are queried to retrieve the sender’s public key, which is then used to validate the email’s signature.

With DMARC, domain administrators may specify how receiving mail servers should deal with messages from their domain that have not been authenticated. A DMARC record states a policy with three options (reject, quarantine, or do nothing).
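How a receiving server combines the three checks described above, as an added example (not from the original article or from any vendor): it parses a DMARC record and decides what happens to a message given its SPF and DKIM results. The record, the domains and the sample messages are constructed; the organizational-domain rule is a simplification, and the sp= and pct= tags are ignored.

```python
from dataclasses import dataclass


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    Assumption: real receivers consult the Public Suffix List (e.g. co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ("s") needs an exact match; relaxed ("r") compares org domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


@dataclass
class AuthResult:
    from_domain: str   # domain in the visible From: header
    spf_pass: bool     # SPF verdict for the envelope sender
    spf_domain: str    # envelope (MAIL FROM) domain that SPF was checked for
    dkim_pass: bool    # signature verified with the public key from DNS
    dkim_domain: str   # d= domain of that signature


def dmarc_disposition(record: str, msg: AuthResult) -> str:
    """Return "pass", or the policy action: "none", "quarantine" or "reject"."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_pass and aligned(
        msg.spf_domain, msg.from_domain, tags.get("aspf", "r"))
    dkim_ok = msg.dkim_pass and aligned(
        msg.dkim_domain, msg.from_domain, tags.get("adkim", "r"))
    # One aligned pass is enough; an unaligned pass does not count.
    return "pass" if spf_ok or dkim_ok else tags["p"]


# Constructed record for example.com: strict DKIM alignment, relaxed SPF.
RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=r"

# Constructed messages, all showing example.com in the From: header.
SAMPLES = {
    # Sent directly: SPF passes for a subdomain, DKIM signed by example.com.
    "direct": AuthResult("example.com", True, "bounce.example.com",
                         True, "example.com"),
    # Forwarded: SPF breaks at the forwarder, the DKIM signature survives.
    "forwarded": AuthResult("example.com", False, "example.com",
                            True, "example.com"),
    # Spoofed From: SPF and DKIM both pass, but for an unrelated domain.
    "spoofed_from": AuthResult("example.com", True, "mailer.example.net",
                               True, "example.net"),
    # Signed by a subdomain: fails strict DKIM alignment, SPF failed too.
    "subdomain_signer": AuthResult("example.com", False, "example.com",
                                   True, "mail.example.com"),
}


def evaluate_samples() -> dict:
    """Apply RECORD to every constructed sample message."""
    return {name: dmarc_disposition(RECORD, m) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:18} -> {verdict}")
```

The "spoofed_from" case is the one to note: SPF and DKIM both report a pass, yet the message is quarantined because neither authenticated domain aligns with the From: domain.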

You can analyze and detect SPF issues using Trustifi’s SPF Record Checker Tool.

Why Trustifi? – AI-Powered Protection for Business Email Security

Next-generation email firewalls will benefit from quantum-resistant algorithms, IoT integration, and adaptive AI for threat prediction in the long run. 

Trustifi’s advanced protection uses machine learning and AI to quickly find and stop the most sophisticated email-based attacks, such as ransomware, malware, phishing attacks (malicious links), CEO impersonation, BEC, and account compromise, keeping hackers out of inboxes with the following email threat protection solutions.

These firewalls will prioritize cross-platform connectivity, robust data protection measures, and real-time threat sharing in response to the constantly evolving nature of cyber threats.

Trustifi Advanced Email Protection with Trustifi Inbound Shield offers powerful multi-layered scanning technology.

It thoroughly examines, identifies, and categorizes even the most sophisticated forms of Phishing, Malicious, SPAM, and Gray Emails. 

Modern machine learning and artificial intelligence provide comprehensive, precise threat hunting for it.

The Inbound Shield checks for and removes harmful data and looks for various irregularities, including the following.

  • Scammers who send emails from fake domains.
  • Money transfer and other private information requests.
  • Hyperlinks that lead to malicious sites.
  • Files with potentially malicious content, such as SQL injection strings or other code snippets designed to execute upon download.

These filtering procedures only take milliseconds to complete and can detect previously unidentified zero-day attacks.

The Trustifi Inbound Shield is a cloud-based solution that requires no alterations to your current infrastructure to implement.

Emails can be sent and received safely without any complicated setup or concerns, and it takes minutes, not days, to set up.


Tags: Next-Gen Email Firewalls


Jul 30 2023

Top 7 Open Source Firewall

Category: Firewall, next generation firewall | disc7 @ 2:39 pm

What is an Open Source Firewall?

An Open Source Firewall refers to a network security solution that is developed and distributed as open-source software. Open-source software is typically released with a license that allows users to view, modify, and distribute the source code freely. This means that anyone can access the inner workings of the firewall, make improvements, and share those improvements with the community.

Open Source Firewalls are popular because they offer several advantages:

  1. Transparency: Since the source code is open and accessible to the public, users can review the code to ensure there are no hidden functionalities or security vulnerabilities.
  2. Customizability: Organizations can modify the firewall’s source code to meet their specific security requirements and network configurations.
  3. Community Support: Open-source projects often have active communities of developers and users who collaborate, share knowledge, and provide support. This community-driven approach can lead to faster bug fixes, updates, and improvements.
  4. Cost-Effectiveness: Open Source Firewalls are typically free to use, reducing licensing costs and making them attractive to organizations with budget constraints.
  5. Stability and Reliability: Many open-source projects have been around for years and have undergone extensive testing and development, resulting in stable and reliable solutions.

Source: https://hackersonlineclub.com/open-source-firewall/

Top 7 open-source firewalls known for their reliability and robust network security features:

1. pfSense:

pfSense is a powerful open-source firewall and routing platform based on FreeBSD. It provides a feature-rich web interface that allows users to configure and manage their network security easily.

Key Features: VPN support, traffic shaping, intrusion detection and prevention, content filtering, and multi-WAN load balancing.

Practical OPNsense: Building Enterprise Firewalls with Open Source

2. OPNsense:

OPNsense is another FreeBSD-based open-source firewall that offers advanced security features and a user-friendly interface. It focuses on providing a secure and stable platform for network protection.

Key Features: Firewall rules, Virtual LAN (VLAN) support, captive portal, SSL decryption, and forward caching proxy.

3. IPFire:

IPFire is a Linux-based firewall designed with a modular architecture, allowing users to add various add-ons and extensions to enhance functionality.

Key Features: Intrusion detection and prevention system (IDPS), a proxy server, support for Virtual Private Networks (VPN), Quality of Service (QoS) capabilities, and compatibility with Wi-Fi access points.

4. Untangle NG Firewall:

Untangle NG Firewall is a Linux-based open-source solution that provides comprehensive network security and unified threat management (UTM) features.

Key Features: Web filtering, application control, antivirus, spam blocker, and intrusion prevention system.

5. ClearOS:

ClearOS is a Linux-based open-source firewall that offers a range of security features and is suitable for small businesses and home users.

Key Features: Web content filter, antivirus, intrusion protection, Virtual Private Network (VPN), and bandwidth manager.

6. Smoothwall:

Smoothwall is a Linux-based firewall that provides secure internet access and content filtering for schools, businesses, and organizations.

Key Features: Web proxy, bandwidth management, time-based access control, URL filtering, and reporting tools.

7. Endian Firewall Community:

Endian Firewall Community is an open-source UTM solution that offers essential security features to protect networks from various threats.

Key Features: Stateful inspection firewall, antivirus, spam filtering, VPN support, and content filtering.

Smoothwall and Endian Firewall Community have garnered a loyal user base due to their simplicity and effectiveness in securing networks. Regular updates and community support are crucial in maintaining a reliable and secure firewall solution, as with any open-source software.

The important thing is to understand your network’s specific needs and choose the firewall that best aligns with your requirements and resources.

Each of the above open-source firewalls comes with its own features and capabilities, so the choice depends on the specific requirements and the level of complexity needed for your network. Stay updated with the latest releases and security patches to maintain a secure network environment.

When choosing an Open Source Firewall, it’s essential to consider factors such as the size and complexity of your network, the required features, and the level of community support available for the specific project. Proper configuration and ongoing maintenance are critical to ensure the firewall’s effectiveness in protecting your network from various cyber threats.


Tags: Open Source Firewall


Mar 12 2023

Bring a firewall anywhere you go with this Deeper Connect Pico

As threats to both data security and personal privacy pile up, fighting back has never been more important. The Deeper Connect Pico packs both privacy tools and cybersecurity protection into a unit you can drop into your pocket.

The Pico is easy to install, taking just a minute to set up and connect. It has no subscriptions to manage or add-ons to buy, as it’s a hardware tool. Nor will it require any updates, as it’s built to be a plug-and-play device and comes with a wireless adapter.

Powered from any USB source and drawing only 1W of power, it weighs just .11 lbs and is only 3.4 inches long by 1.2 inches wide. The brushed aluminum casing is rugged and discreet, so you can throw it in your bag, hang it off your keychain, or keep it in your pocket.

Once connected, the Pico drops an enterprise-grade seven-layer firewall in front of snoops and malicious actors. Using an onboard quad-core ARM processor strong enough to work on the blockchain while you’re idle, the firewall prevents common attacks and alerts you when they happen, so you can take further action.

Also built into the hardware is an ad blocker that cuts off certain attacks and guards your privacy. It’s backed up by one-click parental control, so kids can log onto public networks while you keep the rules in place.

Providing extra security, the decentralized private network (DPN) uses other Picos as nodes for its network, with smart routing, multi-routing, and other functions across an ever-changing network that adds an extra layer of obfuscation for would-be snoops.

The world is becoming more complex, with more risks to your data when you connect to public networks. This hardware cybersecurity and VPN tool takes the worry out of connecting with others.


Tags: Deeper Connect Pico


Jan 23 2023

10 Best Free Firewall Software – 2023

Category: Firewall, next generation firewall | DISC @ 10:27 am

In this article, we have done an in-depth analysis and listed the top 10 best free firewall software that provide extended security to protect your system from bad actors.

Generally, every computer is connected to the internet and is susceptible to being the victim of a hacker or an unwanted attack.

The procedure generally used consists of sweeping the network in search of a connected computer or laptop.

Then the attacker looks for a security “hole” to gain access to the data present on the computer or laptop.

All these threats could even become greater if the computer permanently remains connected to the internet.

If the PC is connected without permanent supervision, then undoubtedly it will become a gold mine for the attackers or hackers.

Hence, to protect us from intruders, we have in our favor a fantastic tool which is known as Firewall.

Frequently Asked Questions Related to Best Free Firewall Software

Q#1 What is a Firewall?

Detailed Answer: Basically, firewalls are tools that can be used to improve the security of computers attached to a network, such as a LAN or the Internet.

So, when we think about what a firewall is, the first thing that comes to mind is a computer software program that restricts illegal and unapproved access to or from a separate or private network.

These are integral elements of a complete security framework for your system or network.

Hence a firewall works as a wall between your computer and the internet. It filters out malicious traffic originating from the outside world. Both software- and hardware-based firewalls are available.

Apart from software, USB firewall sticks are also available, and they are generally known as Armadillo and USG.

Hence, many people believe that a firewall is a device that is installed on the network and checks the traffic that crosses a network segment.

However, apart from all these things, you can also have a host-based firewall that is administered on the computer systems themselves, along with ICF (Internet Connection Firewall).

Fundamentally, the work of both firewalls is identical: to stop intrusions and enforce a robust access control policy.

In short, a firewall is a system that protects your computer.

Basically, the firewall achieves all these tasks by examining the data packets against the rules that have been set up.

Hence, if the data packets comply with these rules, the firewall allows them. If they fail to meet the rules, the firewall refuses and blocks them.

Today, firewalls defend PCs and other related devices all over the world, whether they belong to individual users, huge companies, or public administration.

Q#2 How Does a Firewall Work?

Detailed Answer: Well, after knowing what a firewall is, now you must be thinking about how it works.

Basically, a firewall separates your computer from the internet using a “wall of code” that inspects each individual “packet” of data as it arrives at either side of the firewall, that is, inbound to or outbound from your device, to decide whether it should be allowed to pass or be rejected.

Moreover, firewalls can further improve security by enabling granular control over which system functions and processes have access to networking resources.

Hence, firewalls can use various kinds of signatures and host conditions to allow or deny traffic.

Although they seem complicated, firewalls are comparatively easy to install, set up, and operate.

Installing antivirus software as well as an extra firewall is your best chance to keep your system malware-free.

Furthermore, firewalls work by controlling the data traffic to allow or accept the ‘good data’ while refusing or blocking the ‘bad or malicious data.’

But, if we get into the details, the firewall uses one of three methods, or a combination of them, to assess the traffic that passes in and out of the network.

Hence, the firewall permits the information to go through if the connection yields a positive match; otherwise the data packet is refused.

Q#3 Types of Firewalls

Detailed Answer: Following are the three types of firewalls.

  1. Packet-Filtering Firewalls
  2. Circuit-level gateways.
  3. Stateful Inspection Firewalls.

Packet-filtering firewalls: This is one of the original types of firewalls. It operates inline at junction points where devices like routers and switches do their job.

However, this firewall does not route packets. Instead, it compares each packet received with a set of established criteria such as IP addresses, packet type, port number, etc.

Circuit-level gateways: These monitor the TCP handshakes on the network.

They check the handshakes established between local and remote hosts to determine whether the session being started is legitimate. However, they do not inspect the packets themselves.

Stateful inspection firewalls: These not only examine each packet but also track whether that packet is part of an established TCP session.

They offer more security than packet filtering or simple circuit-level gateways. However, they also have a greater impact on network performance.
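The difference between the first and third types, as an added example (not from the original article): a stateless packet filter and a stateful firewall judge the same constructed packet trace. The addresses, ports and the two port-443 rules are assumptions chosen for illustration, and TCP teardown is reduced to RST handling.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: S=SYN, A=ACK, R=RST


INSIDE_PREFIX = "10.0.0."  # constructed internal network


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def packet_filter(pkt: Packet) -> bool:
    """Stateless: every packet is judged alone against static rules.
    Rule 1: inside hosts may send to remote port 443.
    Rule 2: packets from remote port 443 to inside hosts are "replies"."""
    if is_inside(pkt.src) and pkt.dport == 443:
        return True
    if is_inside(pkt.dst) and pkt.sport == 443:
        return True
    return False


class StatefulFirewall:
    """Tracks TCP sessions opened from the inside and admits only packets
    that belong to one of them."""

    def __init__(self) -> None:
        self.sessions = set()

    def allow(self, pkt: Packet) -> bool:
        outbound = is_inside(pkt.src)
        # Session key is always written from the inside host's point of view.
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if outbound and pkt.dport == 443 and pkt.flags == "S":
            self.sessions.add(key)  # new connection initiated from inside
            return True
        if key not in self.sessions:
            return False            # not part of any known session
        if "R" in pkt.flags:
            self.sessions.discard(key)  # reset ends the session
        return True


# Constructed trace: one real HTTPS session, one unsolicited packet that only
# looks like a reply (source port 443), then a reset and a late packet.
TRACE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "R"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A"),
]


def run_trace():
    """Return (stateless verdicts, stateful verdicts) for TRACE."""
    fw = StatefulFirewall()
    return ([packet_filter(p) for p in TRACE], [fw.allow(p) for p in TRACE])


if __name__ == "__main__":
    stateless, stateful = run_trace()
    for pkt, a, b in zip(TRACE, stateless, stateful):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"[{pkt.flags}] filter={a} stateful={b}")
```

The fourth and sixth packets pass the packet filter because they match the static "reply" rule, while the stateful firewall drops them: neither belongs to a session that is still open.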

With that covered, below we list the well-known and best free firewall software in 2023.

Best Free Firewall Software and Key Features

Gbhackers on Security

So, now without wasting much time, let’s get started and simply explore the whole list that we have mentioned below.

Best Free Firewall Software

  1. Comodo Free Firewall
  2. GlassWire
  3. Zone Alarm Basic Firewall
  4. TinyWall
  5. Malwarebytes Windows Firewall
  6. OpenDNS
  7. Windows Firewall
  8. Netdefender
  9. AVS Firewall
  10. Agnitum Outpost Firewall


Tags: Free Firewall


Dec 12 2022

New Technique Discovered To Bypass Web Application Firewalls (WAF) Of Several Vendors

Category: Firewall, next generation firewall | DISC @ 11:20 am

Experts from Industrial and IoT cybersecurity company Claroty developed a generic method for bypassing the web application firewalls (WAF) of a variety of leading manufacturers.

Following a study of the wireless device management platform from Cambium Networks, Claroty’s researchers identified the technique. They found a SQL injection flaw that might allow unauthorized access to private data such as session cookies, tokens, SSH keys, and password hashes.

Reports stated that the vulnerability could be exploited against the on-premises version, but the Amazon Web Services (AWS) WAF prohibited all attempts to do so against the cloud version by flagging the SQL injection payload as malicious.

“This is a dangerous bypass, especially as more organizations continue to migrate more business and functionality to the cloud,” Noam Moshe, a vulnerability researcher at Claroty, wrote in a company blog post.

“IoT and OT processes that are monitored and managed from the cloud may also be impacted by this issue, and organizations should ensure they’re running updated versions of security tools in order to block these bypass attempts.”

Later findings revealed that the WAF could be bypassed by abusing the JSON data-sharing format. All of the significant SQL engines support JSON syntax, and it is turned on by default.

“Using JSON syntax, it is possible to craft new SQLi payloads. These payloads, since they are not commonly known, could be used to fly under the radar and bypass many security tools.” Claroty reports.

CVE-2022-1361 Improper Neutralization of Special Elements Used In a SQL Command (‘SQL INJECTION’)

Further, a specific Cambium vulnerability the researchers uncovered proved more challenging to exploit (CVE-2022-1361). Moshe says “at the core of the vulnerability is a simple SQL injection vulnerability; however, the actual exploitation process required us to think outside the box and create a whole new SQL technique”. 

Hence, they were able to exfiltrate users’ sessions, SSH keys, password hashes, tokens, and verification codes using this vulnerability. 

The vulnerability’s main problem was that the developers in this instance did not utilize a prepared statement to attach user-supplied data to a query.

“Instead of using a safe method of appending user parameters into an SQL query and sanitizing the input, they simply appended it to the query directly”, he added.
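The root cause quoted above, as an added example (not Cambium's code and not from the original post): the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, column and function names and the sample rows are hypothetical, and the hostile input is a constructed textbook tautology, not the JSON-based payload.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (device TEXT, token TEXT)")
    db.executemany(
        "INSERT INTO sessions VALUES (?, ?)",
        [("ap-01", "tok-aaa"), ("ap-02", "tok-bbb"), ("ap-03", "tok-ccc")],
    )
    return db


def lookup_concatenated(db: sqlite3.Connection, device: str) -> list:
    """Vulnerable pattern: user input becomes part of the SQL text, so the
    database parses it as SQL."""
    query = "SELECT token FROM sessions WHERE device = '" + device + "'"
    return [row[0] for row in db.execute(query)]


def lookup_prepared(db: sqlite3.Connection, device: str) -> list:
    """Hardened pattern: the value is bound as a parameter and is only ever
    compared as data, whatever syntax it contains."""
    query = "SELECT token FROM sessions WHERE device = ?"
    return [row[0] for row in db.execute(query, (device,))]


def compare(db: sqlite3.Connection, device: str) -> tuple:
    """Run both variants on the same input. A syntax error raised by the
    concatenated form is reported as the string "syntax error"."""
    try:
        unsafe = sorted(lookup_concatenated(db, device))
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    return unsafe, lookup_prepared(db, device)


# Constructed inputs: a normal value, a textbook tautology, a stray quote.
NORMAL = "ap-01"
HOSTILE = "ap-01' OR '1'='1"
STRAY_QUOTE = "o'brien"

if __name__ == "__main__":
    db = make_db()
    for value in (NORMAL, HOSTILE, STRAY_QUOTE):
        unsafe, safe = compare(db, value)
        print(f"{value!r:22} concatenated={unsafe} prepared={safe}")
```

With the bound parameter, the fix does not depend on any filter in front of the application recognising the input's syntax.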

New SQL Injection Payload That Would Bypass the WAF 

The WAF did not recognize the new SQL injection payload that Claroty researchers created, but it was still valid for the database engine to parse. 

They did this by using JSON syntax, specifically the JSON operator “@<”, which put the WAF into a loop and let the payload reach the intended database.

Reports say the researchers successfully reproduced the bypass against Imperva, Palo Alto Networks, Cloudflare, and F5 products.

Claroty added support for the technique to the SQLMap open-source exploitation tool. 

“We discovered that the leading vendors’ WAFs did not support JSON syntax in their SQL injection inspection process, allowing us to prepend JSON syntax to a SQL statement that blinded a WAF to the malicious code,” the security firm explained.

Hence, Claroty says, by adopting this innovative method, attackers might gain access to a backend database and utilize additional flaws and exploits to leak data directly to the server or via the cloud.


Tags: Web Application Firewall


Sep 28 2022

How Can WAF Prevent OWASP Top 10?

Category: next generation firewall, Web Security | DISC @ 9:11 am

The OWASP Top 10 security risks point out the common vulnerabilities seen in web applications. It is not, however, a list of attack vectors that WAFs (Web Application Firewalls) can simply block; that is a myth often propagated by security vendors. OWASP Top 10 protection is the joint responsibility of the security vendor and the application developers.

There is a lot that an effective security solution and WAF can do to secure OWASP vulnerabilities. But in some cases, the security solution may not be able to give complete coverage against it and requires the developers/ organizations to take preventive action. 

In this article, we help you understand how a comprehensive, intelligent, and fully managed WAF can augment OWASP Top 10 protection. 

A Quick Introduction to WAF 

WAF is the first line of defense between the web application and the web traffic, filtering out malicious requests and bad traffic at the network edge. The best WAFs are part of larger security solutions that combine deep, intelligent scanning, bot management, API protection, etc., with OWASP protection. They also leverage self-learning AI, behavioral and pattern analysis, security analytics, global threat feeds, and cloud computing in combination with human expertise. 

WAFs and OWASP Top 10 Protection

Broken Access Control 

To effectively prevent this OWASP vulnerability, organizations must fix their access control model. WAFs can help organizations by 

  • Proactively identifying attack vectors leveraged by attackers to exploit vulnerabilities such as design flaws, bugs, default passwords, vulnerable components, etc.
  • Testing for the insecure direct object reference, local file inclusions, and directory traversals
  • Providing visibility into the security posture, including access control violations
  • Implementing custom rate limiting and geo limiting policies.

Cryptographic Failures

Encrypting everything, at rest and in transit, is necessary for OWASP Top 10 protection against cryptographic failures. WAFs augment protection by testing for weak SSL/TLS ciphers, insufficient transport layer protection, crypto agility, sensitive information sent via unencrypted channels, credentials transmitted over encrypted channels, etc. Organizations can then fix any issues that are identified.

Injections

User input sanitization, validation, and parameterized queries are critical to prevent this risk. For OWASP protection against injections, WAFs use a combination of whitelist and blacklist models to identify all types of injection – command, SQL, code, etc. 

WAFs leverage behavior, pattern, and heuristic analytics and client reputation monitoring to proactively detect anomalous behavior and prevent malicious requests from reaching and being executed by servers. They use virtual patching to instantly secure injection flaws and prevent attackers’ exploitation. 

Insecure Design 

By integrating the WAF and the security solution right into the early stages of software development, organizations can continuously monitor and test for security weaknesses. For instance, organizations can identify insecure code, components with known vulnerabilities, flawed business logic, etc., in the early SDLC stages by deploying a WAF, and fix them. This helps build secure-by-design websites and apps.

Security Misconfigurations 

For OWASP Top 10 protection against security misconfigurations, WAFs use a combination of fingerprinting analysis and testing. They fingerprint web servers, web frameworks, and the application itself and test error codes, HTTP methods, stack traces, and RIA cross-domain policies to look for security misconfigurations. 

WAFs use automated workflows to intelligently detect misconfigurations, including default passwords, configurations, unused features, verbose error messages, etc. They virtually patch these misconfigurations to prevent exploitation by threat actors. They offer real-time visibility into the security posture and insightful reports, enabling organizations to keep hardening their security posture. 

Vulnerable and Outdated Components 

The intelligent scanning capabilities of WAFs enable organizations to continuously detect vulnerable and outdated components. Here, again instantaneous virtual patching helps secure these OWASP vulnerabilities until fixed by developers. 

Identification and Authentication Failures

Organizations must implement effective session management policies, strong password policies, and multi-factor authentication for OWASP Top 10 protection against identification and authentication failures. Intelligent WAFs leverage their strong technological capabilities to accurately identify these failures. 

They leverage their bot detection capabilities – workflow validation, fingerprinting, and behavioral analysis – to prevent brute force attacks, credential stuffing, and other bot attacks resulting from the exploitation of broken authentication and session management. 

Software and Data Integrity Failures

WAFs are equipped to detect these OWASP security risks effectively using their continuous scanning and pen-testing capabilities. They use a combination of negative and positive security models to prevent this risk. 

Security Logging and Monitoring Failures

The best WAFs offer ongoing logging and monitoring features and complete visibility into the security posture. They offer cohesive dashboards that can be used to generate customizable and visual reports, gain critical insights and recommendations to improve security, etc. 

Server-Side Request Forgery (SSRF)

For protection against SSRF, implementation of positive rules, user input validation, etc., by the organizations is critical. WAFs, on their end, can be configured to block unwanted website traffic by default, encrypt responses, prevent HTTP redirections, etc.

OWASP Top 10 security risks

Web Application Firewall WAF A Complete Guide

Tags: Next-Gen WAF protection, OWASP Top 10, WAF


Dec 31 2021

What is a Personal Firewall?

Category: Firewall,next generation firewallDISC @ 7:55 am

What is a Firewall?

A Firewall controls incoming and outgoing traffic between your computer and the internet.

Who should use a Firewall, and for what?

  1. Those wanting to prevent unauthorized remote access.
  2. Those looking to block immoral content (such as adult sites).
  3. Online gamers – at a high risk for getting hacked in online games.
  4. Business owners and those working from home – at a high risk for getting hacked.
  5. Anyone not wanting to risk their data and privacy.

Why is a Firewall important?

A Firewall is important for several reasons:

  1. Promotes privacy
    A Firewall blocks or alerts the user about all unauthorized inbound or outbound connection attempts. It allows the user to control which programs can access the local network and internet.
  2. Stops viruses and spyware
  3. Prevents hacking
    A Firewall blocks and prevents hacking attempts and attacks.
  4. Monitors network traffic and applications
    It regulates all incoming and outgoing internet users as well as applications that are listening for incoming connections. Moreover, it tracks recent events and intrusion attempts to see who has tried to access your computer.

What’s the difference between a personal and business-grade Firewall?

• A personal Firewall usually only protects the computer on which it is installed, whereas a business-grade Firewall is normally installed on a designated interface between two or more networks (allowing for a greater number of computers to be protected).
• Personal Firewalls allow a security policy to be defined for individual computers, while a business-grade Firewall controls the policy between the networks that it connects.
• Personal Firewalls are useful in protecting computers that are moved through different networks (as the protection is per computer vs. the network). They can be used at public hotspots, allowing the user to decide the level of trust and the option to reconfigure the settings to limit traffic to and from the computer.
• Unlike business-grade Firewalls, many personal Firewalls have the ability to control network traffic for programs on the secured computer. For instance, when an application needs to establish an outbound connection, the personal Firewall will scan it for safety, block it if it’s blacklisted, or ask for permission to blacklist it if it is not known.
• Personal Firewalls may also help block intruders by allowing the software to block connectivity where it suspects an intrusion is being attempted.

Risks of not having a Firewall

  • Loss of data
  • Open access
  • Network crashes

Personal computer firewall

Tags: data privacy, data protection, Firewall, Network Security, Online Privacy, Online Safety


May 16 2021

DevOps didn’t kill WAF, because WAF will never truly die

Category: App Security,next generation firewallDISC @ 9:21 pm

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.

The WAF is not dead, what’s left?

DevOps and the continuous integration and continuous deployment (CI/CD) pipeline provide an excellent opportunity to implement security, especially if your agile methodology includes security sprints. It allows for security to be built into the apps from the start, rather than taking the traditional route of applying it later, which is not only inefficient but – in the frenetic pace of CI/CD – can be overlooked, ignored, or forgotten.

Although security for all web apps should be built-in from the start, our experience shows that it is usually only applied to the “crown jewels,” like the company’s primary customer portal or client payment systems. In an enterprise environment, it’s not unusual for a company to be running old apps in which code is no longer maintained or apps integrated through acquisition.

Additionally, departments such as R&D and marketing frequently implement custom or third-party applications. This app proliferation can result in more than 50% of public-facing web applications in an organization being managed by DevOps or other disparate IT groups. These apps will need additional mitigation controls, which is where WAF comes in.

Tags: DevOps, SecDevOps


Mar 14 2021

Next-Gen WAF protection for recent Microsoft Exchange vulnerabilities

Category: Firewall,next generation firewallDISC @ 11:41 am

We strongly suggest that customers using Signal Sciences Next-Gen WAF in front of their Microsoft Exchange servers enable this rule as soon as possible and configure it to block requests if the signal is observed. Additionally, follow all guidance from Microsoft to patch affected systems. The vulnerabilities in question are actively being exploited globally and have severe impact.

Patching Microsoft Exchange systems

We are seeing a large uptick in exploitation attempts in the wild. This is an evolving story and our teams are working continuously to ensure the rules are catching the latest attacks, but this should not be your only line of defense. We strongly recommend that you patch affected systems, perform incident response, and follow recommendations from Microsoft.

Exploit chain

The observed attacks on Microsoft Exchange systems chain together multiple CVEs (Common Vulnerabilities and Exposures) to carry out the attack. The impact of these attacks ranges from full system takeover through Remote Code Execution (RCE) to email inbox exfiltration and compromise. At a high level, the exploit chain is carried out as follows:

  1. A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server identified as CVE-2021-26855 allows attackers to send HTTP requests to the exposed Exchange server and access other endpoints as the Exchange server itself. This is an unauthenticated step of the attack which makes the vulnerability exceptionally easy to exploit.
  2. An insecure deserialization vulnerability identified by CVE-2021-26857 leverages the SYSTEM-level authentication obtained by the above SSRF attack to send specially-crafted SOAP payloads which are insecurely deserialized by the Unified Messaging Service. This gives the attacker the ability to run code as SYSTEM on the Exchange server.
  3. After CVE-2021-26855 is successfully exploited, attackers can then utilize CVE-2021-27065 and CVE-2021-26858 to write arbitrary files to the Exchange server itself on any path. This code that is uploaded by the attacker is run as SYSTEM on the server. Lateral movement, malware implanting, data loss, escalation, and more can be carried out through these vulnerabilities.

By enabling the Signal Sciences Next-Gen WAF templated rule, the first step in the exploit chain cannot be carried out. If you would like to dig deeper into the technical details of this chain of attacks please see this post by the folks at Praetorian. To enable the templated rule, please refer to our documentation for details on how to enable templated rules.

The post Next-Gen WAF protection for recent Microsoft Exchange vulnerabilities appeared first on Signal Sciences.

Your best practice guide to configuring Cisco’s Next Generation Firewall

Tags: Next Generation Firewall, Next-Gen WAF protection


Feb 08 2021

SonicWall Zero-Day

Category: Firewall,next generation firewallDISC @ 4:01 pm


Jan 20 2021

Web application firewalls bypasses collection and testing tools


Jan 29 2017

Top 5 excellent Antivirus Protection of 2017

Excellence is achievable but perfection is not. Find an excellent anti-virus product based on your requirements.

Malware is evolving faster than ever, so it’s encouraging to discover that the latest generation of antivirus (AV) products is better equipped to handle this pace of change. Information security best practice recommends that every PC should run at least antivirus (antimalware), antispyware, and a firewall, and that you keep them up to date. So if you’re not running an antivirus, or feel your antivirus could do a bit more, take a look at the list below and find an antivirus solution that fulfills your current needs based on modern-day threats.

All five antivirus solutions below include On-Demand Malware Scan, On-Access Malware Scan, Website Rating, Malicious URL Blocking, Phishing Protection and Behavior-Based Detection.

1) McAfee Antivirus plus

Unlimited protection for Windows, Android, macOS, and iOS devices. New behavior-centric antivirus engine. Essential antivirus protection for PCs, Macs, smartphones, and tablets.

2) Webroot Secure Anywhere Antivirus

For Cloud Security it will analyze files, phishing sites, malicious web pages, IP addresses, and mobile apps, providing a real-time view of current threats and enabling protection from zero-day attacks. Can recover files encrypted by ransomware. Uses a tiny amount of disk space. Very fast scan. Handles unknown malware. Includes firewall.

3) Bitdefender Antivirus Plus

Effective ransomware protection. Many bonus features including password manager, secure browser, and file shredder. Wi-Fi Security Advisor. Always secure on the go.

4) Symantec Norton Antivirus Basic

Protection is always up-to-date to defend against spyware, malware, and unsafe websites, while safeguarding your identity and online transactions. Powerful intrusion prevention. Norton Power Eraser blasts persistent malware. Password management.

5) Kaspersky Antivirus

Kaspersky Anti-Virus helps protect against viruses, spyware & more. Great for antiphishing and speedy full-system scan.

Our recommendation is based on The best Antivirus protection of 2017

Top Rated Antivirus Protection




Tags: Antivirus software, bitdefender, kaspersky, McAfee, Symantec, webroot


Oct 23 2011

Palo Alto Networks takes Firewalls to next Level

Category: Network security,next generation firewallDISC @ 8:50 pm

Ashlee Vance, Bloomberg Businessweek
For the past 15 years or so, security pros have relied on the trusty firewall and other hardware to keep bad guys from running amok on corporate networks. For the most part, this has meant blocking tainted e-mails and keeping workers away from harmful websites.

The latest wave of Web services, like Skype and Google Docs, has introduced fresh problems. They can transfer files, store data and allow remote computer access in ways that can’t be easily patrolled by the standard sentinels.

Nir Zuk has another option. He’s a veteran of the traditional firewall and security industry who struck out on his own six years ago to create a product for today’s Web. The company he founded, Palo Alto Networks, sells a next-generation firewall that makes modern Web services safe for the workplace and gives companies precise control over how their employees can use them.

“Our customers don’t want to block Facebook,” Zuk said. “They want to use it, but they also want some control.”

As interest in Web-based software has surged, so too have Palo Alto Networks’ sales. The company has hopped from office to bigger office since its birth at Zuk’s Palo Alto house in 2005. This year, the company moved into a giant headquarters in Santa Clara.

A year ago, Palo Alto Networks had 1,000 customers; today it has 4,500, including Qualcomm, the city of Seattle, and eBay. Sales will exceed $200 million this year, according to Zuk, who adds that the company is gearing up for an initial public offering.

Zuk says Palo Alto Networks owes much of its success to modern computing habits, which require more sophistication than what’s provided by traditional security products. Older firewalls are designed to monitor one-way traffic. E-mails and data from websites pour in, and the security products look for suspicious patterns. Yet threats can snake their way through a network in various ways: A worker might go to Facebook, click on a nefarious link, and download a virus. Soon enough, he’s using software from enterprise cloud computing company Salesforce.com to upload those infected sales data files and send them to colleagues.

“Most security groups used to focus on blocking apps like Skype or GoToMyPC but now are often required to allow them to be used,” says John Pescatore, an analyst at the research firm Gartner. “That’s why firewalls needed to evolve.”

Palo Alto Networks gives each Web service its own signature. This means that Palo Alto’s systems know when employees are using Skype or Salesforce.com, and have a general idea of what they’re doing there. Customers can set policies for how an application is used so that, for example, all employees can view Google Docs files, but only some can actually create them.

Keeping track of all the traffic flowing through a corporate network requires a lot of computing horsepower, and part of Palo Alto Networks’ secret sauce is a homegrown chip that chews through data quickly. A Palo Alto Networks system can even peer into encrypted traffic: It’s fast enough to decrypt packets of information, check whether they’re safe, and then pass them on to the employee who requested them, all without much lag.

Norm Fjeldheim, the chief information officer at chipmaker Qualcomm, says the Palo Alto Networks systems he bought replaced not just firewalls but also things such as intrusion detection hardware and other types of security systems. “They are doing the work that was done by multiple things in the past,” Fjeldheim said. “They watch over everything.”

To date, Palo Alto Networks has raised a total of $65 million. In August, Palo Alto Networks lured Mark McLaughlin from his role as CEO of VeriSign to run the young company and prepare it for an IPO.

Venture capital firm Sequoia Capital is one investor.

Said partner Jim Goetz: “I don’t think we’ve ever seen an enterprise technology company grow as quickly.”

Download the e-book now!
Download a Free copy of “Next-Generation Firewalls for Dummies” ebook to find out why traditional firewalls can’t protect your network | Checkout the sample chapter online

PALO ALTO NETWORKS RECOGNIZED FOR ENTERPRISE FIREMALLS.: An article from: Computer Security Update





Feb 28 2011

Is the next generation Firewall in your Future?

Category: App Security,Firewall,next generation firewallDISC @ 3:02 pm

Download a Free copy of “Next-Generation Firewalls for Dummies” ebook to find out why traditional firewalls can’t protect your network | Checkout the sample chapter online

By Ellen Messmer

The traditional port-based enterprise firewall, now looking less like a guard and more like a pit stop for Internet applications racing in through the often open ports 80 and 443, is slowly losing out to a new generation of brawny, fast, intelligent firewalls.

The so-called next-generation firewall (NGFW) describes an enterprise firewall/VPN that has the muscle to efficiently perform intrusion prevention sweeps of traffic, as well as have awareness about the applications moving through it in order to enforce policies based on allowed identity-based application usage. It’s supposed to have the brains to use information such as Internet reputation analysis to help with malware filtering or integrate with Active Directory.

But how long will it take for the NGFW transition to truly arrive?

To read the full article …..

Download the free ebook on next-generation firewalls and how they may protect your information assets





Tags: Application security, IDS, IPS, NGFW