9 posts tagged 'firewall'

  1. 2012.04.13 Is my Web Application Firewall Blocking WebsiteDefender?
  2. 2012.03.22 Security updates for three Cisco vulnerabilities
  3. 2012.03.06 Run a Program in the Sandbox (COMODO)
2012. 4. 13. 18:58

Is my Web Application Firewall Blocking WebsiteDefender?

Previously we explained why some web hosting servers block the WebsiteDefender Agent, which could cause your WebsiteDefender service to malfunction.

In this article, we will show you exactly how a web application firewall can block communications between the WebsiteDefender Agent and the WebsiteDefender Server.

Many hosting providers or server administrators use web application firewalls, such as ModSecurity, to filter and monitor a website for hacker attacks. These firewalls are deployed with differently configured rule sets for filtering HTTP requests, and some of them can therefore interfere with the WebsiteDefender Agent. Below are some examples that show how and why the WebsiteDefender Agent might be blocked by a web application firewall.

The web application firewall might block the communication completely with the WebsiteDefender Agent.



In this example, the WebsiteDefender Agent request to the web server has been blocked by the firewall, based on the predefined rule sets. Any requests sent from the WebsiteDefender Server will not reach the WebsiteDefender Agent. Depending on the firewall configuration, when you run the WebsiteDefender Agent test, you might receive a “404 Not Found” error or “Unreachable” error code.



The web application firewall might alter, modify or strip important and essential components from the WebsiteDefender Agent request.



In this case, the request sent by the WebsiteDefender Scanning Server to the WebsiteDefender Agent will manage to pass through the firewall but the information returned will be invalid.

Therefore, the WebsiteDefender Agent will send an invalid response back to the WebsiteDefender Scanning Server, stating that a previously received communication request was corrupted or not recognized.



The request received by the WebsiteDefender Agent passes the Web Application Firewall check.

In this case, the communication request sent by the WebsiteDefender Server to the WebsiteDefender Agent successfully passes through the web application firewall. The WebsiteDefender Agent response successfully reaches the WebsiteDefender Server, meaning that the WebsiteDefender Agent is up and running successfully.



Source: www.websitedefender.com


2012. 3. 22. 18:14

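Security updates for three Cisco vulnerabilities

Three vulnerabilities affecting the ASA, the Firewall Services Module, and an ActiveX control


[Boannews, Kwon Jun] KISA's Internet Incident Response Center said that security updates to the latest versions are required for three Cisco vulnerabilities, including multiple vulnerabilities in the Cisco ASA5500 and the Catalyst6500 ASA module.


▲ Multiple vulnerabilities in the Cisco ASA5500 and Catalyst6500 ASA module

Cisco has released security updates that resolve multiple vulnerabilities in the ASA5500 Series Adaptive Security Appliances and the Catalyst 6500 Series ASA Services Module.


The vulnerabilities include the Cisco ASA UDP Inspection engine denial-of-service vulnerability, the Cisco ASA Threat Detection denial-of-service vulnerability, the Cisco ASA Syslog Message 305006 denial-of-service vulnerability, and the Protocol Independent Multicast denial-of-service vulnerability. Because an attacker can use them to carry out denial-of-service attacks against affected systems, an update to the latest version is required.

Affected systems are Cisco ASA versions 7.0, 7.1, 7.2, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5 and 8.6. Operators of affected Cisco equipment should check the 'Software Versions and Fixes' section of the reference site and apply the patch through their maintenance vendor.


[Reference]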

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory

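▲ Cisco Firewall Services Module denial-of-service vulnerability

Cisco has released a security update that resolves a denial-of-service vulnerability in the FWSM (Firewall Services Module) of the Catalyst 6500 Series.


An attacker can exploit the vulnerability in the affected systems, Cisco Catalyst 6500 Series versions 3.1, 3.2, 4.0 and 4.1, to carry out denial-of-service and other attacks, so an update to the latest version is required.


[Reference]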

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-fwsm

▲ Cisco ASA5500 ASA VPN ActiveX vulnerability

Cisco has released a security update that resolves a remote code execution vulnerability in the VPN ActiveX control of the ASA5500 Series Adaptive Security Appliances (Cisco ASA). An attacker can execute code remotely against client environments where the vulnerable VPN ActiveX control (cscopf.ocx) is installed, so an update to the latest version is required.


Affected systems are Cisco Adaptive Security Appliance Software versions 7.1 and 7.2, and Cisco Adaptive Security Appliance Software versions 8.0, 8.1, 8.2, 8.3 and 8.4.


·File name : cscopf.ocx

·CLSID : {B8E73359-3422-4384-8D27-4EA1B4C01232}


Operators of affected Cisco equipment should apply the patch through their maintenance vendor. The patched ActiveX control is identified as follows.


·File name : cscopf.ocx

·CLSID : {C861B75F-EE32-4aa4-B610-281AF26A8D1C}
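
As an added example (not part of the Boannews article or of Cisco's advisory), the PowerShell below checks a Windows client for registrations of the two cscopf.ocx CLSIDs listed above and reports whether the Internet Explorer kill bit is set for each. The registry locations are the standard Windows COM and ActiveX Compatibility paths; the helper name Test-KillBit is hypothetical.

```powershell
# Added example: inventory the Cisco VPN ActiveX control using the two CLSIDs from the article.
$Clsids = [ordered]@{
    Vulnerable = '{B8E73359-3422-4384-8D27-4EA1B4C01232}'
    Patched    = '{C861B75F-EE32-4aa4-B610-281AF26A8D1C}'
}
# COM registration may be per-machine (64-bit or 32-bit view) or per-user.
$ClassRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)
# Internet Explorer refuses to load a control whose Compatibility Flags has 0x400 (kill bit).
$KillBitRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit([string]$Clsid) {   # hypothetical helper name
    foreach ($root in $KillBitRoots) {
        $p = Get-ItemProperty -LiteralPath "$root\$Clsid" -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($p -and ($p.'Compatibility Flags' -band 0x400)) { return $true }
    }
    return $false
}

$findings = foreach ($entry in $Clsids.GetEnumerator()) {
    foreach ($root in $ClassRoots) {
        $key = "$root\$($entry.Value)\InprocServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $file = (Get-Item -LiteralPath $key).GetValue('')   # default value = path of the control
        $ver  = if ($file -and (Test-Path -LiteralPath $file)) {
            (Get-Item -LiteralPath $file).VersionInfo.FileVersion
        } else { $null }
        [pscustomobject]@{
            Build       = $entry.Key
            RegistryKey = $key
            File        = $file
            FileVersion = $ver
            KillBitSet  = Test-KillBit $entry.Value
        }
    }
}
$findings | Format-Table -AutoSize
# Flag clients where the vulnerable CLSID is still registered and loadable in IE.
$exposed = @($findings | Where-Object { $_.Build -eq 'Vulnerable' -and -not $_.KillBitSet })
if ($exposed.Count -gt 0) { Write-Warning 'Vulnerable cscopf.ocx CLSID is registered and not kill-bitted.' }
else { Write-Output 'No loadable registration of the vulnerable CLSID was found.' }
```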


[Reference]

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient


[Reporter Kwon Jun (editor@boannews.com)]


Source: Boannews


2012. 3. 6. 10:24

Run a Program in the Sandbox (COMODO)

Comodo Internet Security allows you to run programs inside the Sandbox on a 'one-off' basis. This is helpful for testing the behavior of new executables that you have downloaded, or of applications that you are not sure you trust. Adding a program in this way means that it will run in the Sandbox this time only. On subsequent executions it will not run in the sandbox (presuming it passes the sandboxing process). If you wish to run an application in the sandbox on a long-term/permanent basis, use the Always Sandbox interface.


To run an application in the Sandbox

1. Click the 'Run a Program in the Sandbox' link in the Defense+  interface. The following dialog will open:


2. Click 'Select' to choose the program to be executed in the sandbox:


3. Browse to the application and click 'Open'. In the example above, opera.exe is chosen:


4. Click 'Run As' and select the restriction level you want to apply to the program from the menu.

  • Untrusted - The application is not allowed to access any of the operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights.
    Note: Some applications that require user interaction may not work properly under this setting.
  • Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights.
    Note: Some applications, such as computer games, may not work properly under this setting.
  • Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
  • Partially Limited - The application is allowed to access all operating system files and resources, such as the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed.


The program is executed within the sandbox with the access restriction level that you selected. It will run in the Sandbox on this occasion only.


Source: COMODO

