Questions tagged [firewalls]

Concerned with software or hardware firewalls

This can include simple IP address based firewalls, deep inspection firewalls, web application firewalls, etc.

1128 questions
125 votes, 5 answers

Is it a bad idea for a firewall to block ICMP?

This question was inspired by this answer which states in part: The generic firewall manifest file finishes off by dropping everything I didn't otherwise allow (besides ICMP. Don't turn off ICMP). But, is it truly a good practice for a firewall to…
Justin Ethier
123 votes, 5 answers

Should SSL be terminated at a load balancer?

When hosting a cluster of web application servers it’s common to have a reverse proxy (HAProxy, Nginx, F5, etc.) in between the cluster and the public internet to load balance traffic among app servers. In order to perform deep packet inspection,…
Matt Goforth
101 votes, 5 answers

Someone is trying to brute-force(?) my private mail server... very... slowly... and with changing IPs

This has been going on for about 1-2 days now: heinzi@guybrush:~$ less /var/log/mail.log | grep '^Nov 27 .* postfix/submission.* warning' [...] Nov 27 03:36:16 guybrush postfix/submission/smtpd[7523]: warning: hostname bd676a3d.virtua.com.br does…
Heinzi
90 votes, 10 answers

Why do people tell me not to use VLANs for security?

I have a network where I have a couple of VLANs. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (They…
jtnire
79 votes, 5 answers

What techniques do advanced firewalls use to protect against DoS/DDoS?

It is hard to protect a server against Denial of Service attacks, DoS/DDoS. The two simple ways I can think of are to use a server with many resources (e.g. CPU and memory), and to build the server application to scale up very well. Other protection…
Jonas
75 votes, 8 answers

If we are behind a firewall, do we still need to patch/fix vulnerabilities?

I have recently joined a security focused community in my organisation. Many of our products are deployed in the intranet (on-premise), nothing in the public cloud. So, the internal portals can be accessed within the organisation's network…
Rakesh N
71 votes, 12 answers

Why block outgoing network traffic with a firewall?

In terms of a home network, is there any reason to set up a router firewall so that all outgoing ports are blocked, and then open specific ports for things such as HTTP, HTTPS, etc.? Given that every computer on the network is trusted, surely the…
Alex McCloy
68 votes, 7 answers

With IPv6 do we need to use NAT any more?

I'm wondering how to use NAT with IPv6. Seems that you don't even need it any more. So what exactly is the concept behind firewall configurations in IPv6 environments?
JaafarMehrez
67 votes, 5 answers

Advised to block all traffic to/from specific IP addresses

My CFO received an email from a director at a financial institution advising that all traffic (inbound and outbound) from certain IP addresses should be blocked at the firewall. The director at the financial institution was advised by his IT…
upsidedowncreature
63 votes, 8 answers

How do you explain to experts that a database server should not reside in the DMZ?

Our security experts, database administrators, network team and infrastructure team are all saying it's OK to have the database server located in the DMZ along with the HTTP server and middleware server. Their reason: If the database server is…
bruce bana
50 votes, 7 answers

How to bypass tcpwrapped with nmap scan

I ran a scan with nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x With the following result: Host is up (0.032s latency). Scanned at 2012-10-25 16:06:38 AST for 856s PORT STATE SERVICE VERSION 1/tcp …
KING SABRI
45 votes, 7 answers

Port Knocking: is it a good idea?

Normally for a server I like to lock down SSH and other non-public services to only be accessible by certain IP addresses. However, this is not always practical if the business doesn’t have static IP addresses or if outside developers need access. I…
Mark Davidson
41 votes, 8 answers

Are two firewalls better than one?

Let's say that our first firewall has some vulnerability and a malicious person is able to exploit it. If there's a second firewall after it, he/she should be able to stop the attack, right? Also, what will be the side-effects? I mean, would this…
user3395407
41 votes, 6 answers

Difference between IDS and IPS and Firewall

The differences between an IDS and a firewall are that the latter prevents malicious traffic, whereas the IDS: Passive IDS: the IDS only reports that there was an intrusion. Active IDS: the IDS also takes actions against the issue to fix it or at…
The Illusive Man
37 votes, 4 answers

Is there any meaning in only allowing port 80 and 443 today?

It's become standard fare for security minded organisations to block everything other than 80 and 443. As a result, more and more applications (other than web browsers) are learning to use these ports for their needs too. Naturally malicious…
Milind R