StoneBlog.stonesoft.com

Let’s start this 2012 with a technical tip about variables usage in Stonesoft SSL VPN.

More specifically, the variables described in this article are used when configuring a startup command in a Tunnel Set definition to allow TCP/UDP based applications to be used inside a SSL tunnel.
A sample use case is a user that needs to access to his home directory and we do not want to create as many tunnel set as users in the system.
The Startup Command in a Tunnel Set is executed as soon as the tunnel has been successfully established, to automate the launch of a given application.
In this example, the Startup Command content in SSL VPN Tunnel Set configuration could contain something like:

\\192.168.100.1\[$uid]

This particular $uid variable will be replaced with the user ID when the startup command will be invoked by the system.

I report below the other useful variables that can be used in the same context:

[$ehost]  =   the access point server name including port number

[$eprot]  =   HTTP or HTTPS

[$uid]  =   The external user name

[$iuid]  =   The internal user name (usually the same of $uid)

written by RoarinPenguin - 235 views \\ tags: SSL VPN, Tunnel Resource, Tunnel Set, variables

If you’re headed to Black Hat 2010 this year as we are, be sure to follow our security tips to avoid placement on the Wall of Sheep. Our third security tip post is actually a collection of some miscellaneous things. Join us at Booth 33 to learn more about these tips, try your hand at Hack The Lab, and see what other things are going on at Stonesoft and the new StoneGate 5.2 release.

As many YouTube videos demonstrate, you never know when someone may be watching. A good thing to keep in mind at Black Hat as well, particularly when you are using a laptop or other mobile device. Be mindful of the fact that hackers may be watching your screen and your fingers as you type. From this they can capture information off your screen and capture your logins and passwords for use later on. Often this hack is accomplished by using a video camera on a cell phone or by pretending to take a picture of a nearby attraction. So keep your fingers covered as much as possible, and be prepared to change your passwords often. If you can avoid using your laptop or smartphone in open areas, do so and reserve the work for after you return to your hotel room or other private location.

Black Hat has also been famous in the use of social engineering and ATM hacks. There’s a presentation on ATMs at this year’s conference. Be sure to avoid any stand-alone or third party ATMs within the casinos, or any ATM that is not at a bank branch office. These stand alone ATMs can be cheap copies, or purchased off eBay or other sites, and reconfigured to capture your account data, while providing no money.

Just one more quick review: turn off wireless and Bluetooth on all devices whenever possible. Avoid wireless if at all possible, and use a 3G cellular modem instead. Be careful typing in passwords, and also what you work on while in open areas. Don’t trust ATMs or storage devices of any kind. Keep your mobile devices up to date with the latest software updates and patches, and use encryption and firewalls whenever and wherever possible.

Remember to enjoy the conference and have a great time knowing you won’t be joining others on the Wall of Sheep!

written by markb - 1,564 views \\ tags: conferences, hacking, passwords, Security

If you’re headed to Black Hat like we are, there’s more to security than being cautious about the networks you connect to. Data at rest can also be a concern, both for the data on your devices as well as the data you may receive while there. Here’s our second security tip, to deal with the protection of that data.

The X-Files principle of Trust No One holds true in this case as well. We all love schwag, whether it’s simple things like stress balls, to more advanced things like iPad giveaways. In between everyone loves to pick up those USB sticks, which can be plain and simple or disguised as cute animals. But be careful, those animals can turn on you. In general, for a safer computing experience at Black Hat, do not trust any storage device handed to you by others. Whether it’s a USB drive or CD, or anything else (even that iPod you just won), they can contain viruses, Trojans or malware of any form. Even the ones that look professional can be dangerous. At best it’s good to discard them; if not at least scan them on a separate, up-to-date, sacrificial system first.

Second, if you are bringing a laptop, install and verify the operation of full-disk encryption software. Use AES-256 bit encryption or better. If the hard drive has a hardware encryption option as some external ones do, use that instead. And while you’re at the conference, be sure to power off or hibernate your laptop whenever it isn’t in use to maximize the effect of the encryption software. Free disk encryption programs exist, and modern Windows and OS X systems include encryption technologies built-in.

To learn more about computing safely, to try your hand at Hack The Lab, and to learn about Stonesoft’s award-winning network security solutions, be sure to stop by Booth 33!

written by markb - 1,063 views \\ tags: conferences, encryption, Security, stonegate, stonesoft

Black Hat 2010 is coming up soon, and Stonesoft will be there. Join us at Booth 33 to learn more about our solutions, see demos in action, and try your hand in Hack The Lab.

Our first security tip for a safer Black Hat computing experience is about network security. We’re starting with this one since it’s the heart of our StoneGate network security solutions as well. While at Black Hat, try to avoid connecting to any networks, including wired and wireless ones. For wireless networks especially, don’t connect if you can help it, even if the SSID of the network looks trustworthy (for example, it looks like a network operated by the casino…it may not be). If it’s possible to use a cellular modem instead, it is recommended to do so. If you do need a network, remember that any communications can potentially be intercepted, and passwords and logins should not be sent in clear text.

If you do connect, be sure you are using a VPN with strong encryption and that your laptop or mobile device is up-to-date with the latest patches and updates, and that a firewall and virus scanner are installed, updated and operational. If you don’t need it, be sure to turn off wireless and Bluetooth. If the devices you have use a hardware switch to disable these functions, use it instead of the software option. Whenever you are not using the networks, be sure to disconnect and disable the functionality on your device to reduce your risk exposure.

More tips for a safer experience at Black Hat will follow, so stay tuned!

written by markb - 1,052 views \\ tags: conferences, networks, Security, tips

…you can believe it or not.

This is exactly the power that new StoneGate SSL VPN version 1.4 gives when assessing a Windows workstation trying to access corporate applications.

You can decide to verify case by case antivirus, age of pattern file, etc for a number of Antivirus engines (and customize parameters if you need to) such as McAfee, Trend Micro, Sophos, Panda Software, Norman, Grisoft, CA eTrust and others.

You can event check for running processes, registry paths, listening ports… or you can simply trust Windows Security Center when it says I’m OK! since quite often this means:

• Windows is updated from patch perspective
• Windows Firewall (or equivalent) is properly operational
• Antivirus is running and updated

Here’s how to do that.

Continue reading »

written by RoarinPenguin - 1,142 views \\ tags: assessment, End Point Security, eps, SSL VPN, Windows Security Center

One of the features I use often, and especially in cases when there is some sort of trouble, is the ability to actually see what traffic passes the firewall.

Most admins don’t feel comfortable using the console (over ssh), and ofcourse it is not as trivial as it seems – especially remembering the exact commands. So, for the community, and for my own personal use, I’ll document a small issue I just had, and how I “solved” it.

A customer called, saying: “I use the StoneGate VPN to connect to my server with RDP, and all I get is a black screen”.  Now, that’s something that’s (unfortunately) not too uncommon. Google for “MTU”, “Path MTU Discovery” and “Black Hole Detection”, and you’ll get tons of info, which all come down to:

Single packets in ethernet networks have a maximum size of 1500 bytes (RFC 879). 1460 bytes of data + 40 bytes header (ip-addresses, ports, settings etc.). All tunneling protocols (VPN, PPTP,PPPoE, etc.) add some bytes to the header part. This means less room for the data part.

Both “client” and “server”  agree to send packets with max. 1460 bytes of data. The first few packets of the connection aren’t large, perhaps 1000 bytes max, and fit through perfectly. Client and server agree to communicate, draw a frame of the correct size, etc. Then however, comes the Windows Logo, a picture that is over 3000 bytes of size.  That means,  2  large packets are sent.  Somewhere on the connection from server to client, these packets do not fit. So, the picture the server sent, does not reach the client. A black screen of the wanted size just sits there, and waits… and waits…. and waits…..

Since I do not want to discuss what causes this,  but just want to know if it IS an MTU issue, I do following:

• check if both sides agree to use 1460 bytes of data
• reduce the packet size on either client or server side to 1310 bytes of data
• test whether RDP works again

Continue reading »

written by jebATpop-i - 3,394 views \\ tags: CLI, Examples, stonegate firewall, Tips & Tricks

Few days ago I described a technique using certificate based authentication in StoneGate SSL VPN to match a certificate attribute to user attribute, in order to uniquely identify a user in Directory Service and allow login, perform Single Sign-On (SSO), etc.

In this article I’m taking it one step further, since StoneGate SSL VPN can authenticate a user presenting a valid certificate without even knowing who the user is, and use then whatever field of the certificate to perform SSO to protected resources.

Continue reading »

written by RoarinPenguin - 1,155 views \\ tags: authentication, certificate, SSL VPN

When thinking to a system to allow secure, authenticated access to corporate application, major questions (headaches?) are:

• how to access to existing user repositories?
• what if I need a new one aside?
• what if I need access to multiple repositories?
• which information can I use?
• what about grouping?

StoneGate SSL VPN provides a very flexible and powerful answer to these questions, and this article will provide some useful details.

Continue reading »

written by RoarinPenguin - 2,285 views \\ tags: SSL VPN, user storage

Finnish CERT (CERT-FI) recommends to pay special attention to certain address blocks.  They mention the DROP-list by the Spamhaus project as the most up-to-date list of malicious addresses.

It is always boring and time consuming to type long lists of addresses, so I made a quick-and-dirty script, which converts the DROP-list into StoneGate elements, and creates a group of them.  You can feed the DROP-list to this script, zip the result and import it into SMC.

Being an oldtimer, I wrote this with an ancient tool called awk, which you can find in most unix-based systems, including linux.  The most common variant is the GNU awk, gawk.  Someone would probably write this in 2 lines of Perl…

I provide this script as is, with no expressed or implied guarantees of any kind.  Use this at your own risk.  If you manage to break something with this, you have been warned and you assume full responsibility.  I have tested this on one system (Fedora Core 9) with one input, today’s DROP list from Spamhaus.org.

So, take a look at the code and decide yourself if you trust this.  Especially see the comment in the beginning.  Change the element naming convention to suit your needs and enjoy.

written by olli - 1,035 views \\ tags: DROP-list, script, Spamhaus

As you know there are multiple ways how to visualize the log data with StoneGate Management Client. You have probably noticed the “Statistics” shortcuts in the Log Browser’s toolbar already. Here is another convenient way to find more log statistics shortcuts:

Just right-click any column header in the Log Browser and select some of the log statistics shortcuts from the menu that opens. Note that these shortcuts are all related to the column you originally selected.

A picture is worth a thousand words! Log Statistics provide you efficient tools to drill in to the relevant pieces of log data.

written by Tero Jantunen - 1,095 views \\ tags: Log Statistics, logs, Shortcuts, SMC, Tips & Tricks