Clik here to view.
Sichere Passwörter erzeugen & merken
Wie dem auch sei: Wir kommen nicht um die Benutzung von Passwörtern herum und es ist nach wie vor wichtig, sichere (= komplexe) Passwörter zu verwenden. Dabei ist es vor allem schwierig, einen...
View ArticleClik here to view.
Password Policies – Appropriate Security Techniques
How are passwords stolen? What are common password flaws? What are the security techniques to enhance the security of passwords respectively the security of the login-services? What authentication...
View ArticleClik here to view.
Bidirectional Policy Rules on a Palo Alto Firewall
The Palo Alto firewall supports policy entries that refer to multiple source and destination zones. This is useful especially when there are branch offices with multiple zones and a site-to-site VPN to...
View ArticleClik here to view.
Palo Alto: Vsys & Shared Gateway – Zones, Policies, and Logs
It was not easy for me to understand the type of zones and “from – to” policy definitions when working with a Palo Alto firewall that has multiple vsys’s and shared gateways. I was missing an...
View ArticleClik here to view.
DHCP Sequences: Broadcast vs. Unicast
I missed a sequence diagram for DHCP which not only shows the four basic messages (DISCOVER, OFFER, REQUEST, ACK), but also the used source/destination addresses and ports, the type of connection...
View ArticleClik here to view.
Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration...
View ArticleClik here to view.
IPv6 Site-to-Site VPN Recommendations
With global IPv6 routing, every single host has its own global unicast IPv6 address (GUA). No NAT anymore. No dirty tricks between hosts and routers. Great. Security is made merely by firewalls and...
View ArticleClik here to view.
IPv6 Dyn Prefix Problems
I am lucky to have a full dual-stack ISP connection at home. However, the ISP only offers a dynamic IPv6 prefix with all of its disadvantages (while no single advantage). In this post, I am summarizing...
View ArticleClik here to view.
Palo Alto External Dynamic IP Lists
This is a cool and easy to use (security) feature from Palo Alto Networks firewalls: The External Dynamic Lists which can be used with some (free) 3rd party IP lists to block malicious incoming IP...
View ArticleClik here to view.
Palo Alto Application: First Packets Will Pass!
I am using an almost hidden FTP server in my DMZ behind a Palo Alto Networks firewall. FTP is only allowed from a few static IP addresses, hence no brute-force attacks on my server. Furthermore, I have...
View ArticleClik here to view.
Palo Alto policy-deny though Action allow
I came across some strange behaviors on a Palo Alto Networks firewall: Certain TLS connections with TLS inspection enabled did not work. Looking at the traffic log the connections revealed an Action of...
View ArticleClik here to view.
PAN Blocking Details
One of my readers sent me this question: We have an internal discussion about whether it is possible to block the 3 way hanshake TCP but allow the JDBC application protocol. In other words we would...
View Article
