Testing A Cisco PIX 501

Hi Everyone,

I recently installed a Cisco PIX 501 and would like to test out my security. How might I go about this? Websites like GRC dot com perhaps? I am very new at this all and would appreciate the most basic of suggestions.

ALSO:

In the past I had Zone Alarm Pro installed and often I would get pop-ups asking if I would like to allow a certain connection. For example, my anti-virus program would like to check for updated definitions. Now that I have the Cisco installed and still have Zone Alarm Pro, I continue to get these messages. If I were to uninstall Zone Alarm Pro, would these connections be allowed without my permission? If so, that does not seem too secure.. If anyone has an idea where I am coming from, please explain how I can set the Cisco to alert me to attempted connections by whatever is trying to "phone home".

Thank You Everyone.

PS: To those that have emailed me regarding my various newbie questions, I think it might be better to answer here in the newsgroup so that others in the future might benefit from your answer as well.

Reply to
Networking Student

The Cisco PIX 501 is not an application firewall; it's a hardware firewall. It will never give you a popup for any application connecting from the inside to the outside interface. By default the PIX works like this:

-All inside is allowed to the outside zone.

-All outside is denied to the inside interface.

So you can block/filter the applications/ports running from inside to outside through an access-list.

CK

Network> Hi Everyone,

Reply to
CK

And "Software-Firewalls" cannot either.

Yours, VB.

Reply to
Volker Birk

Define a security concept. Define the threats you want to be secure from. Implement parts of this concept with your 501. Define a testing scenario. Optionally write a test bench. Test your implementation.


You're welcome.

Yes. But this doesn't matter, because "controlling outbound" is a b0rken concept anyways.

Yours, VB.

Reply to
Volker Birk

He didn't say that he wants something dumb.

Yours, VB.

Reply to
Volker Birk

Hmmm.. So how does one protect against keyloggers? From what I understand, it is possible to infect one's PC by going to the wrong website with the wrong browser, or the wrong combo of browser, antivirus etc. In other words, if one manages to pick one up somehow (a keylogger), how can it be prevented from working?

Is there a solution? Software perhaps like "Ad-Watch SE Professional" or "Spy Sweeper"?

To the others that participated in this thread: It's all somewhat above my head right now. I am figuring things out SLOWLY. Imagine you were trying to swim across a river but you could barely dog paddle and there was a current...

I do appreciate the input though.

I would like to, for example, be safer from trojans. But trojans connect from many different ports - where do I start blocking, and how? I don't suppose that is the way to go about it anyway. But it is an example of where I am coming from.

What is an example of a security concept? My cable modem is cabled to my PIX, my PC is also cabled to the PIX and my wireless router is also cabled to the PIX. I am most concerned about the hardwired PC.

I would most appreciate an answer in the following form:

"This Will Enable The XYZ Feature of the PIX"

  1. turn on pc.
  2. start hyperterminal.... and go to the PIX command line.
  3. take a deep breath.
  4. type "enable" without the quotes.
  5. .......
  6. .......
  7. Now your PC is more secure in the following sense.....

To anyone who is amazed at my lack of understanding.. No one is required to answer my questions.

To anyone that needs tips on rebuilding and maintaining Harley Davidsons, or on how to more safely attempt high-speed wheelies and stoppies, feel free to ask :)

Peace

Reply to
Networking Student
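As a worked version of the "This Will Enable The XYZ Feature" form asked for above, and of CK's point that outbound filtering on the PIX is done with an access-list, here is an added example in PIX 6.x-style syntax. It is not from any poster in this thread. The access-list name OUTBOUND, the 192.168.1.0/24 inside network and the 203.0.113.53 resolver address are assumptions, and exact command syntax differs between PIX OS releases, so check each line against your own box's documentation.

```cisco
! Added example, not from the thread: restrict what may leave the LAN.
! "inside" and "outside" are the default PIX interface names.
! OUTBOUND, 192.168.1.0/24 and 203.0.113.53 are assumed values.
!
! Default PIX behaviour: inside -> outside allowed, outside -> inside denied.
! As soon as an access-list is applied to the inside interface, ONLY what
! that list permits may go out, so the permits must come before the final deny.

! 1. Describe what the PC legitimately needs.
access-list OUTBOUND remark Web browsing and anti-virus updates over HTTP/HTTPS
access-list OUTBOUND permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list OUTBOUND permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list OUTBOUND remark DNS only to the ISP resolver, not to arbitrary hosts
access-list OUTBOUND permit udp 192.168.1.0 255.255.255.0 host 203.0.113.53 eq 53

! 2. Explicitly drop Windows file-sharing / RPC so it can never leak out.
access-list OUTBOUND deny tcp any any eq 135
access-list OUTBOUND deny tcp any any eq 139
access-list OUTBOUND deny tcp any any eq 445
access-list OUTBOUND deny udp any any eq 137
access-list OUTBOUND deny udp any any eq 138

! 3. Everything else from inside is dropped (and logged, see below).
access-list OUTBOUND deny ip any any

! 4. Apply the list to traffic entering the PIX from the inside interface.
access-group OUTBOUND in interface inside

! 5. Make the denies visible: each ACL deny produces syslog message 106023
!    ("Deny tcp src inside:... dst outside:... by access-group OUTBOUND").
logging on
logging timestamp
logging buffered warnings

! 6. Save, then inspect hit counts and the log from the CLI.
write memory
! show access-list OUTBOUND   <- hit counters per line
! show logging                <- buffered deny messages
```

Now your PC is more secure in the following sense: a program on the PC can only reach the Internet on the ports you listed, and anything else it tries shows up as a deny in the PIX log, which is the closest a hardware firewall gets to the Zone Alarm popup. It still cannot tell you which program made the attempt, and traffic that hides inside the permitted ports (80, 443, or DNS to the permitted resolver) passes unchallenged.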

Hardware firewalls are not hooking into the kernel, so traffic from inside to outside is gonna be allowed. Small example: if you install a key-logger, for example, and it uses, let's say, DNS port 53 or HTTP port 80 with encrypted traffic.. like the Ghost from Starcraft used to say, "Never know what hit them!!!" It is gonna go out unnoticed. Hardware firewalls cannot determine which program makes the call outside.

Reply to
Boger
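Boger's point is that the PIX only sees addresses and ports, never the program. What the PIX does give you is a connection log, and a program that keeps "phoning home" over a permitted port tends to show up there as the same inside host reaching the same outside host:port at a steady interval. The following is an added example, not code from anyone in the thread: a small Python script that groups PIX "Built outbound connection" syslog lines per flow and flags the regular ones. The message wording is modelled on the PIX 6.x 302013/302015 format from memory, and every log line below is constructed, not captured from a real device; thresholds (`min_hits`, `max_jitter`) are assumptions to tune against your own log volume.

```python
"""Flag regular ("beaconing") outbound flows in PIX connection logs.

Added example, not from the thread. Assumes 'logging timestamp' style
prefixes and PIX 6.x messages 302013 (TCP) / 302015 (UDP); the sample
lines are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# One "Built outbound" line -> timestamp, protocol, outside dst/port, inside src.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %PIX-6-30201[35]: "
    r"Built outbound (?P<proto>TCP|UDP) connection \d+ "
    r"for outside:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\) "
    r"to inside:(?P<src>[\d.]+)/\d+ \([\d.]+/\d+\)$"
)

# Constructed sample: host .10 talks to one outside host on TCP/53 every 60 s
# (odd for a workstation, which normally uses UDP/53 to its own resolver);
# host .11 does ordinary, irregular web browsing.
SAMPLE_LOG = """\
Jan 10 2005 10:00:01: %PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.10/1031 (203.0.113.5/1031)
Jan 10 2005 10:00:02: %PIX-6-302015: Built outbound UDP connection 113 for outside:198.51.100.1/53 (198.51.100.1/53) to inside:192.168.1.11/1040 (203.0.113.5/1040)
Jan 10 2005 10:00:03: %PIX-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/53 to inside:192.168.1.10/1031 duration 0:00:01 bytes 300 TCP FINs
Jan 10 2005 10:00:15: %PIX-6-302013: Built outbound TCP connection 102 for outside:192.0.2.20/80 (192.0.2.20/80) to inside:192.168.1.11/1041 (203.0.113.5/1041)
Jan 10 2005 10:00:16: %PIX-6-302013: Built outbound TCP connection 103 for outside:192.0.2.20/80 (192.0.2.20/80) to inside:192.168.1.11/1042 (203.0.113.5/1042)
Jan 10 2005 10:00:19: %PIX-6-302013: Built outbound TCP connection 104 for outside:192.0.2.20/80 (192.0.2.20/80) to inside:192.168.1.11/1043 (203.0.113.5/1043)
Jan 10 2005 10:01:01: %PIX-6-302013: Built outbound TCP connection 105 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.10/1032 (203.0.113.5/1032)
Jan 10 2005 10:02:00: %PIX-6-302013: Built outbound TCP connection 106 for outside:192.0.2.21/443 (192.0.2.21/443) to inside:192.168.1.11/1044 (203.0.113.5/1044)
Jan 10 2005 10:02:01: %PIX-6-302013: Built outbound TCP connection 107 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.10/1033 (203.0.113.5/1033)
Jan 10 2005 10:03:01: %PIX-6-302013: Built outbound TCP connection 108 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.10/1034 (203.0.113.5/1034)
Jan 10 2005 10:04:01: %PIX-6-302013: Built outbound TCP connection 109 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:192.168.1.10/1035 (203.0.113.5/1035)
Jan 10 2005 10:05:30: %PIX-6-302013: Built outbound TCP connection 110 for outside:192.0.2.21/443 (192.0.2.21/443) to inside:192.168.1.11/1045 (203.0.113.5/1045)
Jan 10 2005 10:06:00: %PIX-6-302013: Built outbound TCP connection 111 for outside:192.0.2.21/443 (192.0.2.21/443) to inside:192.168.1.11/1046 (203.0.113.5/1046)
Jan 10 2005 10:30:00: %PIX-6-302013: Built outbound TCP connection 112 for outside:192.0.2.21/443 (192.0.2.21/443) to inside:192.168.1.11/1047 (203.0.113.5/1047)
"""


def parse_line(line):
    """Return a dict for a 'Built outbound' line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S"),
        "proto": m.group("proto"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
    }


def find_beacons(log_text, min_hits=4, max_jitter=5.0):
    """Group connections per (src, dst, dport, proto) and flag regular ones.

    A flow is reported when it has at least min_hits connections and the
    population std-dev of the gaps between them is at most max_jitter seconds.
    """
    flows = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            flows[(rec["src"], rec["dst"], rec["dport"], rec["proto"])].append(rec["ts"])

    hits = []
    for (src, dst, dport, proto), stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter:
            hits.append({"src": src, "dst": dst, "dport": dport, "proto": proto,
                         "count": len(stamps), "interval": mean(gaps)})
    return hits


if __name__ == "__main__":
    for h in find_beacons(SAMPLE_LOG):
        print(f"{h['src']} -> {h['dst']}:{h['dport']}/{h['proto']} "
              f"{h['count']} connections every ~{h['interval']:.0f}s")
```

Run against the sample, only the 192.168.1.10 flow to 198.51.100.7:53/TCP is reported; the browsing from 192.168.1.11 is too irregular. Lowering `min_hits` to 3 also catches the three quick hits to 192.0.2.20:80, which is a normal page load, so the thresholds need tuning to your own traffic, and a hit still only names a host and a port: working out which program on that host is responsible has to happen on the PC itself.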

Blue or red and the stack ??? He wants something simple.....

Reply to
Boger

Networking Student. The real problem here, in my opinion, is "Windows-like operating systems" and "Windows-like applications"... When I run nmap from my XP at my Solaris box, it returns something like, "I think there is a computer there and it might be up"... This is key to understanding why an OS like UNIX/LINUX which has TCP/IP built into the kernel (or of course a Cisco router which has a realtime UNIX-like kernel (IOS). I don't know this for a "fact", but I have heard (from a UNIX kernel guru) that a PIX box doesn't run a kernel; it has a firmware-dedicated application whose MAIN job is to read the access list and match IPs and subnets to ports... in hardware/firmware.

The point is that an operating system like Windows (where TCP/IP was an "add on" in 1998 can't compete with a dedicated realtime kernel whose only job is matching ports with IP's, and subnets... Especially when an operating system like UNIX/ Solaris/LINUX at least can be made to become a black box (a network brick)...

Not that it always is... but it CAN be made into a network brick.

Dr Eugene Schultz said at SANS a few years ago that IE minimized and just "running" on a Windows like box opens up some large number (I think it was 40, but don't quote me on the number..) vulnerabilities... So imagine the gigantic number of holes in the entire mess... remote administrative ports, wide open by default; programs that are all huge black boxes of bloatware... I won't go on and on.. but I think you get the picture...

How can an application firewall running on a Windows box really compare to Gauntlet or FW-1, where it looks like a GUI, but in fact is locking down IPs, subnets and ports at the kernel's IP layer (yes, one does have to struggle above that layer with application issues... One has to be aware of what programs are doing... But with OpenSource UNIX/LINUX one can "go to the source" and look at what the programs are doing, but one CAN... With Windows most of the source is only available to people inside the MS Developers groups... and all the other junk is all black box stuff where normal users or even MS certified folks don't have access to the source... Yes, it can be disassembled, but how many of us have time to disassemble *everything* in that world? I think this is why so many people on this list understand that you can't really trust that "world"...

If you are running strong authentication and strong encryption applications (like SSH) through a box (be it a PIX, or a UNIX box hardened down to a network brick, with only minimized services (no NFS, no NIS, no applications not needed, at least you have a reasonable shot at having a Bastion Host which can actually stop unwanted traffic). not perfect, but not impossible to secure..

Add to this picture a choke and firewall router pair that add additional layers to the "firewall" picture.

Better than nothing in my opinion, but running on an open wound of an OS.... Sorry Bill Gates.. ;-)

You are on the right track, in my opinion.. Keep thinking about IPs, ports, subnets... Then look into security programs that match IPs to Ethernet addresses (to identify machines pretending to be other machines). Start with a network brick and then add applications one by one, matching them against a vulnerability database, preferably applications that are OpenSource... where you can at least look at the code, and others have.

A group like comp.security.firewalls has many more eyes than any one of us, so if we work together we can identify insecure applications more easily, if we stay focused on the ball.

Smart network student... move to the head of the class... The Force is with you Luke... :-)

Reply to
DrSpock

Don't install keyloggers. Don't use hardware keyloggers. If there are keyloggers already, there is no way to be sure no one is there.

You can try to find, of course.

Yours, VB.

Reply to
Volker Birk
