Sunday, February 27, 2011

Block IP Addresses in Juniper Firewalls

This article will go over configuring your Juniper hardware firewall to block certain IP addresses from accessing services. This is only for Cloud and Dedicated customers who have write access to their firewall. If you do not have access and wish to have access, please contact your sales representative. This article is meant for advanced users.
To create a new policy in your Juniper SSG Firewall for blocking IP addresses, please follow these steps:
1. Log into the firewall. You will have been given an IP address and access to this IP address by support.
2. Once logged into the firewall, navigate to Policy on the left-hand navigation bar. Expand Policy and click Policy Elements. Then expand Addresses and click List.
3. To add a new IP address, choose the source zone (typically Untrust) from the drop down at the top of the screen. Then click New.
4. In the Address Name field, enter the IP address or host you wish to block. This can be in CIDR format. For the comment, we typically recommend putting "Blocked IP", although it's just for tracking purposes. Select the appropriate radio button (IP Address/Netmask or Domain Name) and enter the information again. Leave the zone as Untrust and click OK.
5. If you are adding multiple IP addresses to a blocked list, it is recommended to create a group. Go back to Policy > Policy Elements > Addresses > Group and add a new group. Name the group Blocked IP Addresses or something similar, move the IP addresses/hosts from the left box to the right box, and click OK.
6. Now to add the policy. Navigate to Policy > Policies and choose the source zone (typically Untrust) and the destination zone (typically Trust) from the drop downs at the top of the screen. Then click New.
7. From the Source Address drop down, choose the source IP address or host. If this policy is for multiple sources, click the Multiple button and add the multiple sources from the list. From the Destination Address drop down, choose the destination IP address or host. If this policy is for multiple destinations, click the Multiple button and add the multiple destinations from the list. If you do not see your source or destination IP or host listed, make sure it exists under the zone under Policy > Policy Elements > Addresses > List. If it does not exist, add the IP or host under the appropriate zone.
8. Under the Service drop down, select the service you will be connecting to. If you do not see the service listed, make sure it exists under the zone under Policy > Policy Elements > Services > Predefined. If it does not exist, click Custom and add the service ports (UDP, TCP, ICMP, or other).
9. From the Action drop down, choose Deny. This makes the policy deny matching traffic.
10. If you wish to enable logging for the policy, check the box for Logging and at Session Beginning. Once the policy is to your liking, click OK; the policy is added at the bottom of the listing for that interface group.
11. The main policy listing will show a red X under the Action column showing that the policy is denying traffic rather than showing a green checkmark for allowing traffic.
Note: Please do not modify the Global Policy section. Oftentimes, modifying the policies contained within will prevent our internal servers from communicating with your servers, which includes monitoring services. Please check with support if you have questions before modifying these policies.
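
The same steps can also be written as ScreenOS CLI lines. The script below is an added example, not part of the original article: it validates a list of IPv4 sources and returns the address, group and deny-policy commands for steps 3 to 10. The function name, the object-naming scheme, the min_prefix guard and the "Any"/"ANY" destination and service are assumptions made here, and the command syntax should be checked against your ScreenOS version before use.

```python
import ipaddress

# Constructed sample input (documentation ranges). One entry is a duplicate,
# one is not an address, and one is too broad to block safely.
SAMPLE = ["203.0.113.7", "198.51.100.0/24", "203.0.113.7/32", "not-an-ip", "0.0.0.0/0"]


def screenos_block_commands(entries, zone="Untrust", dst_zone="Trust",
                            group="Blocked IP Addresses", min_prefix=8):
    """Return (commands, rejected) for a deny policy covering IPv4 sources."""
    nets, rejected = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append((raw, "not an IP address or CIDR block"))
            continue
        if net.version != 4:
            rejected.append((raw, "this example handles IPv4 only"))
        elif net.prefixlen < min_prefix:
            # Guard against a typo such as /0 cutting off all inbound traffic.
            rejected.append((raw, f"broader than /{min_prefix}"))
        elif net not in nets:
            nets.append(net)
    if not nets:
        return [], rejected
    # Step 5: one group holds every blocked source.
    cmds = [f'set group address "{zone}" "{group}"']
    for net in nets:
        # Steps 3-4: address book entry in the source zone, comment "Blocked IP".
        name = f"blocked-{net.network_address}-{net.prefixlen}"  # hypothetical naming scheme
        cmds.append(f'set address "{zone}" "{name}" '
                    f'{net.network_address} {net.netmask} "Blocked IP"')
        cmds.append(f'set group address "{zone}" "{group}" add "{name}"')
    # Steps 6-10: deny from the group to any destination and service (assumed), with logging.
    cmds.append(f'set policy from "{zone}" to "{dst_zone}" "{group}" "Any" "ANY" deny log')
    return cmds, rejected


if __name__ == "__main__":
    commands, skipped = screenos_block_commands(SAMPLE)
    print("\n".join(commands))
    for raw, reason in skipped:
        print(f"# skipped {raw!r}: {reason}")
```

ScreenOS evaluates the policies for a zone pair from the top down and stops at the first match, so a deny rule added at the bottom has no effect on traffic that an earlier permit rule already matches.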

Wednesday, February 23, 2011

Best Practices for Policy-Based Email Encryption

• Transport Layer Security (TLS): This is an Internet standard extension to SMTP and is universally supported in mail transfer agents. It can be used as an authentication method as well as an encryption method.
• S/MIME Gateway Encryption: This allows two organizations to establish encrypted links with each other by exchanging organizational keys (certificates) and having the email servers automatically encrypt and decrypt messages.
• End-to-end Encryption: This is the most secure means of encryption and can provide non-repudiation.
• No-Client-Side-Software-Required: This means that the sender doesn’t have to have a public key in order to encrypt email to a recipient.

Tuesday, February 15, 2011

Open Source Anti Virus - Clam AV

ClamAV is an open source antivirus engine developed by the community. It is best known for gateway-level scanning; however, Sourcefire has now released a Windows edition of ClamAV in which most of the basic features are free, and only advanced features and support carry an additional charge.

Here is the information from the ClamAV website:

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance multi-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates. The core ClamAV library provides numerous file format detection mechanisms, file unpacking support, archive support, and multiple signature languages for detecting threats. The core ClamAV library is utilized in Immunet 3.0, powered by ClamAV, which is a fast, fully featured Desktop AV solution for Windows.

Immunet 3.0, powered by ClamAV is a fast, fully featured Windows desktop Anti-Virus (AV) solution that utilizes the power of advanced cloud based detection techniques and the strength of the time tested ClamAV engine. This unique combination of technologies allows for a highly effective approach to today’s fast moving malware threats.
Features:

• Real-time detection
• Scheduled scanning
• Intelligent Scanning – Fast and configurable smart scans
• Custom Detection – Using the de facto standard ClamAV signature language
• Advanced archive and packer support
• Fast and light system footprint
• Quarantine