Tag Archives: Security

Real Time Block Lists with Palo Alto Firewalls

If you use a Palo Alto firewall, real-time block lists are a feature that arrived with PAN-OS 5.0. I’ve had a few people ask me how to set them up, so here are the instructions.

To find the maximum number of IP addresses your firewall can hold in a block list, run the following command from the CLI.

show system state | match cfg.general.max-address

This will give you the maximum number of IPs you can have in the list.

Next, in the GUI on your Palo Alto device, go to Objects and then, in the left pane, to Dynamic Block Lists.

[Screenshot: PaloAlto-RealTime-Block-Lists-1]

Here is the list of block lists that I’ve configured. To create a new one, click the Add button, give the list a name and a web source URL, and decide how often you want it to update.

[Screenshot: PaloAlto-RealTime-Block-Lists-2]

Finally, create a deny rule that blocks inbound traffic from these addresses.

[Screenshot: PaloAlto-Deny-Policy]

Commit the changes and you are off to the races. I often will leave logging on for a bit to see what is being blocked, but eventually, I turn it off because I don’t really care what traffic I am dropping.

Here is a list of sites I pull in. It appears some of these might be managed by a Palo Alto engineer, but I am not certain about this.

  • DShield Top 20 – https://panwdbl.appspot.com/lists/dshieldbl.txt
  • Team Cymru full bogons (IPv4) – https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
  • SpamHaus – https://panwdbl.appspot.com/lists/shdrop.txt (Spam list)
  • Zeus Tracker – https://panwdbl.appspot.com/lists/zeustrackerbadips.txt
  • Malware Domain List – https://panwdbl.appspot.com/lists/mdl.txt
  • Openblock List – http://panwdbl.appspot.com/lists/openbl.txt
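Before pointing the firewall at a new feed it is worth checking what the feed actually contains and whether it fits under the max-address limit. The following Python is an added example, not part of the original post or any Palo Alto tooling; it assumes the feeds are plain text with one IPv4 address or CIDR per line (with '#' as a comment marker), that the CLI output has a "key: value" layout, and that each entry counts once against the limit.

```python
import ipaddress
import re

# Constructed sample feed in the one-entry-per-line text format the block list
# URLs above serve; treating '#' as a comment marker is an assumption.
SAMPLE_FEED = """\
# constructed sample feed
192.0.2.0/24
198.51.100.17
198.51.100.17
not-an-address
2001:db8::1
203.0.113.0/24  # trailing comment
"""
# Constructed sample of the CLI output; the "key: value" layout is an assumption.
SAMPLE_CLI = "cfg.general.max-address: 5000"

def parse_max_address(cli_output):
    """Extract the limit from 'show system state | match cfg.general.max-address'."""
    m = re.search(r"cfg\.general\.max-address:\s*(\d+)", cli_output)
    if m is None:
        raise ValueError("max-address not found in CLI output")
    return int(m.group(1))

def parse_block_list(text):
    """Return (networks, rejected): unique IPv4 networks, plus lines that are not valid IPv4 entries."""
    seen, networks, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)              # garbage the firewall would not accept
            continue
        if net.version != 4:
            rejected.append(line)              # the lists above are IPv4 feeds
            continue
        if net not in seen:                    # collapse duplicate entries
            seen.add(net)
            networks.append(net)
    return networks, rejected

def check_feeds(feeds, max_address):
    """Count unique entries across all feeds (assumes one entry per line) and test the limit."""
    combined = set()
    for text in feeds:
        combined.update(parse_block_list(text)[0])
    return len(combined), len(combined) <= max_address
```

Anything that lands in the rejected list is worth a look before the feed goes live, since a feed that quietly changes format would otherwise fail to load at the next refresh.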


OWSUG Meeting – Windows 7 Security Tidbits & Understanding and Preventing Insider Threat

This looks like an excellent event to attend. I strongly recommend this one to anyone who can make it out to the event.


OWSUG

June 3rd 2009 User Group Meeting

Topic: Windows 7 Security Tidbits & Understanding and Preventing Insider Threat

Description:

Windows 7 Security Tidbits – Windows 7 is coming and the boss is asking you about all those new security features. Perhaps you’ve heard some buzz about AppLocker? What’s this about DirectAccess connecting securely to your corporate network without a VPN? What’s up with BitLocker To Go? In this fun and interactive session, Kai Axford, a Microsoft Senior Security Strategist with Microsoft’s Trustworthy Computing team, will demonstrate some of the new security features in Microsoft’s newest desktop operating system. Bring your questions and get the scoop on these upcoming Microsoft security technologies!

Understanding and Preventing Insider Threat – Many analysts have stated that the Number One issue facing corporate customers today is the threat of targeted corporate espionage coming from within the organization. Join Kai Axford, a security strategist from the Microsoft Trustworthy Computing team for an entertaining and engaging session, as he shares real stories from the trenches about the risk this threat presents for both you and your customers. He’ll demo the means by which these attacks occur and discuss the mindset of the attackers. Don’t miss the chance to see how this is done!

Speaker:

Kai Axford (CISSP, MCSE-Security) is a Senior Security Strategist in Microsoft’s Trustworthy Computing Group.

A ten-year Microsoft veteran, Kai is responsible for discussing and recommending security solutions for both private and public sector organizations. In addition, he conducts Chief Security Officer councils worldwide, taking executive feedback and affecting change within Microsoft’s security products and processes.

Kai started with Microsoft in 1999 as a Server Support Engineer and then moved on to become an IT Pro Evangelist, focusing on his peers through the Microsoft TechNet Events program. Kai has delivered more than 300 security presentations on a variety of topics, including digital forensics, security management, incident response, and computer espionage. He is a frequent speaker at security conferences, executive meetings, and business seminars around the world.

He is finishing an MBA in Information Assurance and is a member of ISSA, INFRAGARD, ASIS, and the North Texas Electronic Crimes Task Force. He was the recipient of the 2006 “Rising Star” award from the Information Security Executive council. Kai is interested in security management and hopes to become a Chief Security Officer one day.

Prior to Microsoft, Kai served as a leader in several real-world operations with the U.S. Army’s elite 75th Ranger Regiment. Originally from Wisconsin, Kai is a huge NFL Green Bay Packers fan. He is based in Dallas, Texas with his lovely wife, a new baby boy, and a (very wet) yellow Labrador.

Location:
Microsoft Canada Co.
100 Queen Street Suite 500
Ottawa, Ontario
K1P 1J9

Agenda:

5:00 p.m.  Event registration
5:30 p.m.  Q & A
8:00 p.m.  Door Prizes

Notes:

· Pizza and pop will be served. Please RSVP to help us order enough of both.

· Please note that no one will be admitted after 5:55 p.m.!

RSVP: http://www.clicktoattend.com/?id=138491

Links

OWSUG.ca Web Site – http://owsug.ca/

OWSUG.ca Mailing list – http://lists.owsug.ca

OWSUG.ca Blog – http://owsug.ca/blogs/MainFeed.aspx

OWSUG.ca Forums – http://owsug.ca/forums/default.aspx

Windows 7 – The Lineup is Released

Microsoft announced their Windows 7 lineup today. The plan for Windows 7 is to promote two main versions in North America, Professional and Home Premium, but the other versions will be there as well.

The versions being offered are as follows; the points listed are my interpretation of what I read in the article.

  • Starter – Only available to OEMs
  • Home Basic – Not available in North America
  • Home Premium – The version for home users
  • Professional – Mainstream version for business customers
  • Enterprise – For customers who opt to purchase Software Assurance; has BitLocker and other security features
  • Ultimate – For those customers who want every feature available

According to the article, there is supposed to be a natural progression from version to version, as opposed to having some features in some versions and not others at the same level like we saw in Vista. (The example given was Media Centre being available in Vista Home Premium but not Vista Business).

It will be interesting to see what the differences between the Windows 7 versions will be. From the press release, it looks like BitLocker will only be available to customers who buy Ultimate or who purchase Software Assurance and use the Enterprise edition of Windows 7. That’s a shame because I think the value of BitLocker should be available to home users along with businesses. Home users have a need to protect their data just like a company, but I guess I can’t have everything in one version.

The complete plan is located at http://www.microsoft.com/presspass/features/2009/feb09/02-03Win7SKU-QA.mspx

Conficker Virus

A new worm is making the rounds on machines which haven’t been kept up to date with security updates. The worm works because of an exploit which was patched in October’s out-of-band patch, which I blogged about.

To ensure you don’t pick up this new worm, make sure you are up to date on patches and have updated antivirus on your machines.

For more information check out the following links:

SANS Institute – http://isc.sans.org/diary.html?storyid=5671&rss

Microsoft® Malware Protection Center – http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx

Microsoft Help and Support – http://support.microsoft.com/kb/962007

Windows 7 Beta

The Windows 7 Beta was to have been released to the general public, and you were to get the beta through the Windows 7 page at Microsoft.com, http://www.microsoft.com/windows/windows-7/. Having gone to the page and looked around, I clicked on IT Pro. From there a page comes up that says, basically, that the interest in Windows 7 was so great that they were experiencing some problems because of the heavy traffic. They will be adding more resources so that the download experience will be better and then will be posting the beta. Check out this link to the Windows 7 Team Blog for the latest information.

If you went to TechDays here in Canada, remember that free TechNet subscription you received in your box of Techie Crunch? Well, here is a chance to get some value from it. Go hit the TechNet site and download Windows 7 from there.

If you don’t have a TechNet or MSDN subscription, sit tight and know you will be able to get it soon. Apparently, Windows 7 was showing up in the torrent streams before the beta went live, but it wasn’t the correct version in some cases, as you can see in this post on Softpedia. My suggestion is to wait it out and get the correct version straight from Microsoft. Don’t waste your time and bandwidth downloading something that may be no good, or worse, tampered with and made into a security risk.

Windows 7

I am sitting in the second-day keynote and they are talking about Windows 7. I had a chance to see it in action on Sunday. Here are some of the highlights for system administrators:

Critical Out-of-Band Hotfix

I was sitting on the couch last night relaxing from a busy day in Ottawa when I received an email on my BlackBerry indicating there was an out-of-band hotfix. You don’t normally see this type of hotfix, so when one comes along it’s best to try and implement it as soon as possible.

Microsoft Security Bulletin Advanced Notification for October

The October advance notification is posted at http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx. This will give you advance notice of what updates you can expect to see next Tuesday, when Microsoft releases their security patches.

EnergizeIT Certification Boot Camps

Microsoft has an event tour going around Canada in support of EnergizeIT in Toronto. They are giving out a copy of a study kit and a voucher, and will be presenting some information on Windows Server 2008, virtualization security and a security boot camp.

I have attached the links to the signup for all the cities involved below. The Microsoft page about this event is located at http://www.microsoft.ca/technet/energizeit/certificationbootcamp.

It hits Ottawa May 15th.

Enjoy


National User Group Tour
Presented by Your Canadian User Groups

With new products being launched, new technologies being introduced and increased pressure to ensure security across the board, it’s hard to know what the best way is to get up to speed and make sure you’re ready for this wave of opportunity. And even if you do know your “stuff”, how do you prove that to your boss or clients?
Join us at the Energize IT Certification Bootcamp where we will take you through hot topics such as Windows Server 2008 and Virtualization Security as presented at this year’s Energize IT event in Toronto, and discuss certification paths available along with tips and suggestions on how to approach exams. Be ready ahead of the curve and show what you know through certification.
By joining us at this event, you will have the opportunity to choose a certification study kit from one of the following four books:
1. MCSA/MCSE Self-Paced Training (Exam 70-299): Implementing and Administering Security in a Microsoft Windows Server 2003 Network
2. MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory
3. MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server 2008 Network Infrastructure
4. MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server 2008 Applications Infrastructure
The quantities per city are limited and available on a first come, first served basis. Arrive early to avoid disappointment.


City         Date
Halifax *    May 13th
Toronto      May 14th
Ottawa       May 15th
Montreal     May 20th
Winnipeg     May 21st
Regina       May 22nd
Victoria     May 26th
Vancouver    May 27th
Calgary      May 28th
Edmonton     May 29th

NSA Security Guides

The National Security Agency in the United States has posted their 60 Minute Network Security Guide.

This is a good start for system hardening.

Other guides from them are located here.