Disclaimer

The content of this material is the challenges I faced onsite and how I personally resolved them. Please note that the solutions posted here

1> should not be considered as ultimate. The material may be considered for reference only.

2> should not be considered as a guarantee that the solutions will work. Contact Cyberoam support before making any changes.

3> this blog does NOT belong to Cyberoam. It's a blog...a personal blog.

Changes done after referring to this site may seriously damage the network. So...

........DO CHANGES AT YOUR OWN RISK

(please contact Cyberoam support before implementing any changes)

Tuesday, 11 February 2014

Improved application control

I am a great fan of UTM devices that give complete and granular control over different layer 7 applications. Cyberoam is one of the best application control UTMs. In one of my previous articles, named A Fight for the best application filter, I mentioned how applications have changed over the years while we have not seen any significant change in firewalls.

Coming to Cyberoam, it is a feature-rich product and I can feel the kind of effort being put in at Cyberoam to make it a world-class product. Now they have come up with improved application control features, and we have a new way in which Cyberoam categorizes different applications. I really liked this improvement. Cyberoam represents applications according to:

1. Name
2. Category
3. Risk
4. Characteristics
5. Technology

Here is the screenshot:

This will provide more granular control for the users over the applications. I believe this was a long-pending feature, and at last we have it. Cyberoam can identify over 1000 applications, which is better than some other UTMs.
With the improvement in the categorization, the reporting feature has also seen a lot of changes.

Reporting has always been one of the best features of Cyberoam. You really have to work on a Cyberoam UTM device in order to really feel what power it holds. The on-appliance iView is one of the best reporting systems. It has a hawk eye and provides drill-down reports up to the 3rd level for forensic analysis. The new reporting system is faster and more eye-catching with its instant horizontal, vertical and pie chart representation of the logs.
















NTLM: Beginning of an Era

At last Cyberoam has what I have always wanted to see in it since the beginning: a single sign-on method where I no longer have to install any .exe file on my AD servers. Although I love the existing method used by Cyberoam to implement its SSO (Single Sign-On), I always had this challenge that many customers were not ready to install any software on their AD servers. The existing SSO method used by Cyberoam uses CTAS, a suite of software that is installed on the AD server. Although it is a flawless way of performing the SSO process, it had some challenges in the DHCP environment. I am sure the introduction of NTLM in Cyberoam will overcome these challenges.
NTLM is actually a Microsoft feature which was used during the Windows NT era. According to Microsoft, it is a protocol suite that provides authentication, integrity and confidentiality to users. I know quite a few vendors who have incorporated the same technology to implement the process of Single Sign-On.
So, as always, I decided to test the new feature. Here are my results:

1. It worked for me the very first time, despite the fact that I had a little hard time finding the article in the Cyberoam KB.
Here are the articles that I used to configure the NTLM, browser and Cyberoam respectively:

http://kb.cyberoam.com/default.asp?id=2252&Lang=1&SID=
http://kb.cyberoam.com/default.asp?id=2251&Lang=1&SID=

2. I was not able to find anything related to NTLM on AD in the Cyberoam KB; however, when I researched, I found that we have to enable NTLM on AD by following:
http://support.microsoft.com/kb/239869

3. When I heard about NTLM the first time, I thought it might slow down the attempts to access web sites, since it is a browser-based authentication, but I observed no delay.

4. The company where I deployed NTLM recently had some reservations. The IT guy over there told me that Microsoft recommends NOT to use NTLM as it is not secure. I told him that it is just another feature that is on offer and other vendors use it too; although it is not secure, it is good enough to be used internally for authentication.

5. The deployment has been successful; I checked the behavior on multiple browsers on Windows and Linux. However, it will be interesting to see how it works on mobile devices, e.g. BlackBerry OS, iPhone, iPad, etc.

A few things I liked about NTLM SSO:
a) Very seamless
b) No delay
c) Easy to deploy
d) Works well with multiple browsers on Windows and Linux
e) No installation of any kind of client on AD or end users

Note: Cyberoam says that it does not support NTLMv2; however, when I used NTLMv2 on AD, I faced no issues.
Cyberoam also mentions that the only browsers supported are IE and Firefox, but Chrome and Safari gave me no problems while using them.
I have not yet tested this using my iPhone, iPad or Android. But I will certainly check it soon and come up with the results.
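Point 4 and the NTLMv2 note above both come down to which NTLM version the browsers actually send. The following is an added example, not code from the original post or from Cyberoam: it classifies the NT response inside a browser's NTLM AUTHENTICATE message (the `NTLM <base64>` value of an authorization header taken from a proxy log or capture) by its length and layout. The function names and the sample messages are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def classify_ntlm_authenticate(header_value):
    """Classify the NT response carried in an 'NTLM <base64>' header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM authorization value")
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 28 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    # Each field descriptor is Len(2), MaxLen(2), BufferOffset(4), little-endian.
    lm_len, _, lm_off = struct.unpack_from("<HHI", msg, 12)
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
    if lm_off + lm_len > len(msg) or nt_off + nt_len > len(msg):
        raise ValueError("response field points outside the message")
    lm, nt = msg[lm_off:lm_off + lm_len], msg[nt_off:nt_off + nt_len]
    if nt_len == 24:
        # With extended session security the LM field is an 8-byte nonce + 16 zero bytes.
        if lm_len == 24 and lm[8:] == b"\x00" * 16:
            return "NTLMv1 + extended session security"
        return "NTLMv1"
    # NTLMv2: 16-byte proof, then a blob starting RespType=1, HiRespType=1.
    if nt_len > 24 and nt[16:18] == b"\x01\x01":
        return "NTLMv2"
    return "unknown"

def build_sample(lm, nt):
    """Constructed AUTHENTICATE message for the demo (not a real capture)."""
    off = 64  # size of the fixed header written below
    fields = struct.pack("<HHI", len(lm), len(lm), off)
    fields += struct.pack("<HHI", len(nt), len(nt), off + len(lm))
    fields += struct.pack("<HHI", 0, 0, off + len(lm) + len(nt)) * 4
    msg = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", 0) + lm + nt
    return "NTLM " + base64.b64encode(msg).decode()

SAMPLES = {
    "v1": build_sample(b"\x11" * 24, b"\x22" * 24),
    "v1-ess": build_sample(b"\x33" * 8 + b"\x00" * 16, b"\x22" * 24),
    "v2": build_sample(b"\x11" * 24, b"\x44" * 16 + b"\x01\x01" + b"\x00" * 26),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, "->", classify_ntlm_authenticate(header))
```
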

Cyberoam has now become a mature product and with the new features coming up it is surely going to make an impact in the market.









Monday, 25 June 2012

"Set it and forget it attitude"- Web Application firewall


Web Application Firewalls (WAFs) are an excellent last line of defense. They’re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection. I recommend WAFs to partners all the time. But is there more to the story?

Unfortunately, more security vendors deploy a WAF as a cover-up instead of looking to fortify the coding practices which led to vulnerabilities in their web applications. The WAF has also replaced the good old security practices of conducting regular audits and security scans. It's "set it and forget it". This is especially common with the compliance-as-a-checkbox mode of operation that’s present in many businesses. It reminds me of what firewalls with stateful inspection technology were 10 years ago.

A WAF would not protect you against application logic flaws. What about weak passwords in your web application? That is another flaw that may go unguarded.

Good security practices like security monitoring, patch management, change management, incident response processes/procedures and most importantly security awareness sessions still hold good.

Whether you work for a large enterprise or a small business, just know that Web Application Firewalls are not the end-all be-all solution for your web security problems. They’re good at what they do. But like airbags in our automobiles, they can’t be relied on completely. To set up a WAF and rely on it completely to protect your web application is short-sighted and a recipe for getting bitten when you least expect it.

The solution is to layer your web controls and look to fortify your coding practices. Web application flaws are better fixed at the source by performing periodic scans, manual tests and code reviews.

After you follow best practices for setting up your web application, let the WAF be the icing on the cake.