In the past, most Web content was static and predictable. But today’s reality is that Web content, even from so-called “trusted” sites, is constantly changing, with end-users encouraged to post, edit, or manipulate content. The most popular and heavily trafficked sites that make the most use of dynamic Web 2.0 content are also the most vulnerable to attack. In fact, according to Websense® research covering the first half of 2008, over sixty percent of these top 100 sites either hosted malicious content or contained a masked redirect to an illegitimate site.
This guide is for customers who want to upgrade PureMessage for Microsoft Exchange as follows:
• From version 2.6.1 to version 3.0.x.
• From version 3.0 to version 3.0.x.
The guide tells you:
• What’s new.
• Where to find system requirements.
• How to upgrade on a non-clustered server.
• How to upgrade on clustered servers.
• How to navigate to common menu options in the new version.
• How to contact technical support.
Iptablesrocks was created to provide a publicly available, easy to understand guide and tutorial for the installation and configuration of iptables. Iptables is a Linux package for managing IPv4 (and optionally IPv6) packet filtering and NAT (Network Address Translation). Iptables can be configured to function as a firewall, a NAT mechanism, a packet filter or all 3 at once. The diversity of capabilities possible with iptables makes it a secure, stable and economical alternative to hardware-based firewalls and routers or costly 3rd party firewall software. Iptables can also serve as a redundant firewall in conjunction with a hardware firewall, providing you with an extra layer of security. Iptablesrocks.org covers the installation of iptables in a Redhat environment, the syntax and structure associated with iptables and a collection of pre-configured iptables configurations for a variety of applications. This site is currently under development. Enjoy!
When running a typical web server, you need a firewall that is secure and offers protection, but you also need one that allows all needed traffic to be able to enter and leave the server so that your server’s day to day operations can carry on unimpeded. This particular iptables configuration does the following:
1. Uses the “mangle” portion of the table to effectively block and/or confuse most port scans. These rules address the FIN,SYN,RST,PSH,ACK,URG FIN,PSH and URG methods.
2. Establishes a locked down and secure foundation by initially blocking all incoming, outgoing and forwarded packets COMPLETELY.
3. With all incoming packets dropped by default, it then grants incoming access to a select number of ports. These ports are ports that a typical web server might allow. Open inbound ports include: 20 & 21 (ftp), 22 (ssh), 25 (smtp), 53 (dns), 80 (http), 110 (pop), 143 (imap), 443 (https), 993 (imaps)
4. With all outbound packets dropped by default, it then grants outbound access to a select number of ports. These ports are ports that a typical web server might allow. Open outbound ports include: 20 & 21 (ftp), 22 (ssh), 25 (smtp), 43 (whois), 53 (dns), 80 (http), 110 (pop), 143 (imap), 443 (https), 993 (imaps)
5. Both inbound and outbound connections are required to be in a “related and established” state. The “related and established” state requirement will require you to add the “ip_conntrack_ftp” module into your server’s configuration. This is typically done with the following command: insmod ip_conntrack_ftp
6. ICMP packet types 3, 8 and 11 are dropped by default for all inbound traffic. This makes your server unpingable and reduces the chance of ping (ICMP) based attacks. Pings are allowed for all outbound traffic.
7. Unauthorized inbound and outbound traffic is logged.
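The seven points above, written out as an added example that is not the iptablesrocks ruleset itself: a shell function that prints an iptables-restore file built from the page's two port lists. The individual rules, the loopback exception, UDP for DNS, the log prefixes and the log rate limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the iptablesrocks ruleset): prints an iptables-restore
# file for the policy in the list above. Port lists are the page's; the
# individual rules, log prefixes and rate limit are assumptions.
IN_TCP="20,21,22,25,53,80,110,143,443,993"
OUT_TCP="20,21,22,25,43,53,80,110,143,443,993"
ALL="FIN,SYN,RST,PSH,ACK,URG"

emit_ruleset() {
cat <<EOF
# 1. mangle: drop TCP flag combinations no legitimate stack sends
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --tcp-flags $ALL NONE -j DROP
-A PREROUTING -p tcp --tcp-flags $ALL FIN,PSH,URG -j DROP
-A PREROUTING -p tcp --tcp-flags $ALL FIN,SYN,RST,PSH,ACK,URG -j DROP
COMMIT
*filter
# 2. default-deny on all three chains
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# assumption, not in the page's list: keep loopback working under OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# 6. inbound ICMP 3, 8, 11 dropped before the RELATED rule, which would pass 3 and 11
-A INPUT -p icmp --icmp-type 3 -j DROP
-A INPUT -p icmp --icmp-type 8 -j DROP
-A INPUT -p icmp --icmp-type 11 -j DROP
-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
# 5. replies and related flows (FTP data needs the conntrack FTP helper module)
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# 3 and 4. new connections only on the listed ports (UDP 53 for DNS is an assumption)
-A INPUT -p tcp -m multiport --dports $IN_TCP -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $OUT_TCP -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
# 7. log what falls through to the DROP policy, rate-limited to protect the log
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IN-DENY: "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DENY: "
COMMIT
EOF
}

# Parse-check as root without applying: sh thisfile --print | iptables-restore --test
if [ "${1:-}" = "--print" ]; then emit_ruleset; fi
```

Rule order carries the policy here: the ICMP drops must precede the RELATED,ESTABLISHED accept, and the LOG rules must come last so they only see traffic that nothing above accepted.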