
Archive | Security

Sonicwall VPN Question

So I received the following email from someone asking about a VPN connection between remote offices and a main office:

I have a TZ170 with a static IP (dsl) at my so called corporate office (server resides in this office). The appliance is set for DHCP for the clients that are set up on the inside of the firewall at that corporate office.

All my remote offices have a basic setup with either cable or dsl (no static ip), behind a modem and a dlink router. When more than one person in the same remote office connects to the tz170 at corporate, both clients experience awful delays and disconnections. If only one client connects in that remote office it works great, but as soon as you add another person from the same office that tries to connect forget it, nothing but problems. Is this because the tz170 is seeing two tunnels coming from the same ip (isp assigned)?

Will purchasing another tz170 for the remote offices solve my problem? Is there an additional configuration that I am missing in the tz170 that will enable me to do this?

Here is the response I sent:

You are absolutely on the right track. The problem you are having is that more than 1 person from the same public IP address is establishing a tunnel.

There is not a good way to establish a tunnel using a VPN client from more than one client behind a NAT device to the same central VPN device. In this case, the user has a D-Link router as the NAT device. Some devices do a better job of handling the NAT for IPSEC VPN traffic, which is what the Sonicwalls use. The only thing he could try in this case, other than the guaranteed solution of implementing a remote-office VPN gateway device, would be to ensure that the D-Link is upgraded to the latest firmware and has the appropriate IPSEC pass through settings. The most reliable solution, though, would be a VPN appliance to maintain a site-to-site VPN device at each remote office.
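An added illustration of the failure described above (not part of the original post, and not SonicWall or D-Link code): ESP carries no port numbers, so a basic IPsec pass-through NAT that keys return traffic on the remote gateway's address alone can hold only one binding per gateway. The NAT model, the addresses, and the comparison with a port-translated UDP flow (for example ESP carried inside UDP, which the post does not mention) are assumptions made for the example.

```python
# Toy model of a small-office NAT router's translation table (constructed example).
ESP, UDP = 50, 17  # IP protocol numbers

class Nat:
    def __init__(self):
        self.esp_by_peer = {}   # remote gateway IP -> inside client (ESP has no ports)
        self.udp_by_port = {}   # public source port -> inside client
        self.next_port = 40000  # hypothetical start of the NAT's port pool

    def outbound(self, client, peer, proto):
        """Record state for an outgoing packet; return the key return traffic matches on."""
        if proto == ESP:
            # Pass-through keyed on the peer only: a second client to the
            # same gateway silently replaces the first client's binding.
            self.esp_by_peer[peer] = client
            return (ESP, peer)
        # Port-translated flow: every client gets its own public source port.
        port = self.next_port
        self.next_port += 1
        self.udp_by_port[port] = client
        return (UDP, port)

    def inbound(self, key):
        """Return the inside client that return traffic for this key is delivered to."""
        proto, value = key
        table = self.esp_by_peer if proto == ESP else self.udp_by_port
        return table.get(value)

def deliveries(proto):
    """Two clients behind one NAT tunnel to the same gateway.
    Returns {client: client that actually receives that client's return traffic}."""
    nat = Nat()
    gateway = "198.51.100.1"                    # constructed address
    clients = ["192.168.0.11", "192.168.0.12"]  # constructed addresses
    keys = {c: nat.outbound(c, gateway, proto) for c in clients}
    return {c: nat.inbound(keys[c]) for c in clients}

if __name__ == "__main__":
    print("ESP pass-through:", deliveries(ESP))
    print("UDP port-mapped: ", deliveries(UDP))
```

In the ESP case both clients' return traffic lands on the second client, which matches the symptom in the question: one tunnel works, two from the same office break each other.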


Problems with Sonicwall Firewall?

Well, I tried to leave this as a comment on Ian’s weblog, but I couldn’t get the comment thing to work, so I figured I would trackback to both of his entries.

I am a Sonicwall Silver Partner, and I believe strongly in the product line. I don’t like to see anyone having configuration problems. I’d be happy to help with the config if there is a problem, not to mention that any newly purchased unit comes with 90 days of support included, so the Sonicwall 800# for support should be able to help, as well.

Please let me know if there is anything I can do.


Microsoft Antispyware Beta 1 Initial Impressions

[Screenshot: Summary Screen]

Here is a look at the summary screen of the new MS Antispyware Beta 1 application. As you can see, it is set to expire July 31 of this year. The left side lists a summary of the configuration for the software – current status, last scan and results, whether or not the realtime protection is loaded, and current version of the signature database.

[Screenshot: Microsoft Antispyware Beta Full Scan]

Here are the results from my first scan. It took a whopping 12 minutes 28 seconds to do a complete scan with the deep scanning options turned on. This was not the quick scan that you access from the summary page, but rather a scan of every file on my hard drive, the entire registry, and every process running in memory. Pretty impressive performance if you ask me. The only curious thing is that they indicate scanning 1,606 running processes, but my task manager only lists 56, even with the option to show all processes from all users.

[Screenshot: Security Agent Status]

This is a little subsection of the Real Time Protection summary page. As you can see, the app puts hooks into various parts of the OS. It protects startup items (registry, start menu startup folder, etc.), various network and internet settings, etc. You can get details for each of the items protected by clicking on any of the three sections, Internet Agents, System Agents, or Application Agents.

[Screenshot: warning]

This is the warning screen that pops up when something tries to modify your system by adding itself to the startup folder. I was pretty impressed when this happened. The only danger here is in the user not knowing any better and saying allow. This will require some education on our part. The other thing of note here is that it will send the information on whether or not you allow this modification to SpyNet, which I assume is a central database that evaluates for inclusion in the spyware signature database.

Overall I am initially impressed with the application. I am going to perform some further testing later to determine how well it works on a machine that I know is infected with spyware and how well it does at preventing spyware, both from inside Firefox and IE. I will post my results. Until then…


Microsoft Antispyware Beta Download

The Microsoft Anti-spyware beta is available for download here. The only issue you may have is in trying to download this using Firefox or a non-IE browser. You must click the continue button in the Validate section of the page, then you will be prompted to download and run a Windows validation utility. Finally, you copy and paste the validation code from the utility into the page and you are directed to the download location. I will be installing this directly and will report later on my experience with it.


Browser hijackers can be more dangerous than some people think

One of the biggest problems I have seen recently, both in corporate and home environments, is the unwitting hijacking of users’ computers by various malicious software, some of the most common of which are browser hijackers. This is an article at Wired magazine that should give you pause. You have to be EXTREMELY careful when you go to any website that you don’t know. The next time someone forwards you that funny game that is out there on the Internet, give it a little thought before you actually go get it.

Here is a list of resources that I use to combat spyware and malware on users’ computers:


Sasser worm author confesses

Here is a slew of links to the coverage of the apprehension of the Sasser worm author:


Microsoft Security Summit – Philadelphia

I am sitting in the Microsoft security summit in Philadelphia, and I wanted to provide some thoughts on what has happened so far. The keynote address was given by Bret Arsenault, Microsoft’s Strategic Security Advisor Team Lead. During his presentation, he showed one slide with resources for security information. The last item on the list was, “Security Blogs”. The image on the screen was of an ASP powered blog with the Syndication and orange XML icons visible – neither was mentioned. In fact, Arsenault’s quote was, “and lastly, Security Blogs – I’ll leave it at that. I hate the term blogs.” That was it. That was all he had to say about the benefits of weblogs related to security for the attendees. What a colossal lost opportunity. I hope Robert Scoble reads this and gives Bret a hard time when he is back in Redmond next week.

I would have loved to see Bret mention the syndication capabilities of RSS/XML on weblogs that allow people to follow developments, like security issues. I would have loved for him to mention that there were blogs being written by many of the teams at Microsoft that write the programs we all use every day. I would have liked for him to mention that many webloggers are among the most well informed on the Internet regarding any number of issues, including security issues relating to specific applications.

What this type of thing shows us in the community is that we have a LONG way to go in evangelizing the usefulness and applicability of weblogs, even to the IT industry.


Great article on employee use of the Internet at work from Wired magazine

If you have employees and an Internet connection at your office, you should read this article. It discusses the differences between how users responded to a survey about personal use of the Internet and what actual experience has shown. The highlights include:

  • 6% of survey respondents admitted to having downloaded spyware onto their computers, while administrators estimate that 30% of their corporate workstations have been infected with spyware at one time or another;
  • IT managers estimated that 10% of help desk calls were related to non-work-related applications – usually problems created by spyware;
  • employee use of non-work-related applications and related bandwidth strain has slowed down a mission-critical project at one-third of respondents’ organizations;
  • 21% of employees who responded to the poll said they use streaming media to do such things as listen to Internet radio or watch live newscasts via the Web. But only 6 percent admitted to ever downloading and storing any non-work-related video clips or music onto their work computer;
  • IT managers responding to the poll estimated that, on average, roughly 10% of their company network’s disk storage space is taken up by non-work-related files, such as MP3s, photos and movies;
  • The majority of employees surveyed said they spend between one and five hours per week using the Internet at work for personal reasons;
  • 14% of employees admitted to playing online or downloaded games at work;
  • 27% of those surveyed said they feel using the Net for personal reasons made them more productive at work;
  • 49% said they would rather give up their morning coffee than their ability to use the Internet at work for personal reasons.

These are very interesting results, and every employer or business owner should be aware of the realities associated with personal use of the Internet by employees. At the same time, those employers should also be aware that they are typically asking employees to do much more with fewer actual people than we have in the past, as evidenced by the increasing productivity percentages that are reported in economic data every month. There needs to be some sort of a balance between what the business needs and what an employee needs for staying happy and healthy, but I would definitely agree that spyware presents one of, if not the, biggest dangers to corporate networks and computers today, and it almost always results from personal use of the Internet on work machines.


Sonicwall Content Filtering rating request

I have noticed a number of people on various sites stating that their site had been classified incorrectly as pornography or something objectionable. If that happens, you can look up and request a re-rating for any site at this location.


My second Sonicwall roadshow

First, I want to apologize for the lack of posting this month. This has been a very busy time for me, and I haven’t had a lot of time to keep the posts coming. I will try and pick it back up a little.

To that end, I attended my second Sonicwall roadshow in as many months today. It was held in Valley Forge, PA, and was presented by Greg Croce, the Sonicwall Territory Manager, and Tom Bulthaupt, the Territory SE and Eastern Region SE Manager. They provided an overview of the new Sonic OS 2.x enhanced firmware, which was primarily a rehash for me from the last roadshow, but I did get a couple of nuggets of information that were new.

The biggest piece of news is the impending release of the new SonicWall Pro 5060, a six-port gigabit ethernet solution that will come in two flavors (6 copper ports, or 4 copper and 2 fiber sx/sc ports). It looks like the box is going to retail for either $9,995 or $11,495 with 1 year of the new IPS deep packet inspection service included in the price. On the presentation slide for the 5060 was a little blurb mentioning a new product that is ultra hush-hush, the SonicPoint, which should probably be an integrated security/wireless roaming solution that will work with the Pro series of firewall appliances. We’ll have to watch closely for the announcement on these products when they are more readily publicized.

The other useful tidbit I got was the impending release of 2.5 firmware, which should be by the end of this quarter and will address a number of requests, including source-based routing in SonicOS enhanced for forcing certain IP addresses and/or protocols to use a specific WAN interface in a load balancing/failover configuration.

I continue to be impressed with the recent flurry of innovation out of the folks in Sunnyvale. Keep up the great work!
