Comments for Practical Tactics

Comment on Network Zoning – In the Zone by Mave

Mave — Sat, 07 Nov 2009 10:53:16 +0000

Wow, you have to try this out – Skydur.com – so fast and unblocks every site in China – youtube, twitter, facebook, even hulu ! My best spent $16 bucks (for 3 months of the service). Want throuh the wall ? – go with Skydur http://www.skydur.com

Comment on Imperva’s DIY syslog format by Anonnymous

Anonnymous — Mon, 14 Sep 2009 00:14:14 +0000

First of all, good job on this blog, very informational!

Hey where is this document that you have mentioned?
** The document ”Imperva Integration with ARCSight using Common Event Framework” provides a number of examples **
I couldnt find it on google…
Is there any way you could publish it or send me via email?
Thanks!

Comment on Top 4 WAF Protections by Your INNER WAF « Practical Tactics

Your INNER WAF « Practical Tactics — Fri, 10 Jul 2009 12:51:54 +0000

[...] Top 4 WAF Protections [...]

Comment on Network Zoning (The Zone) by Network Zoning – Be the Zone « Practical Tactics

Network Zoning – Be the Zone « Practical Tactics — Tue, 26 May 2009 17:26:31 +0000

[...] Viewer Database HackingNetwork Zoning – In the ZoneOff to the WAF racesTweaking PLA: Using rsyslogNetwork Zoning (The Zone)PIX Logging Architecture is Back OnlineLog Management 101PIX Parsing (Usable [...]

Comment on Network Zoning (The Zone) by fathi alwosaibi

fathi alwosaibi — Fri, 15 May 2009 05:28:33 +0000

thanx for the reply;
actually zoning will simplify network administration, and from my experience when you zone you basically lay down the foundation which should be rigid and fixed. i did add an article in my web site about Zoning Conceptual Design. Pls. check it out in my web site

you can get it through this link: http://fathi.fathialwosaibi.net/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=4&lang=en

good luck;

Comment on Network Zoning (The Zone) by bmestep

bmestep — Thu, 07 May 2009 20:05:23 +0000

Interesting post on your site.

I must apologize I got tied up in so many things I’ve neglected this site and my Web Security sites. I’ll be updating the content here as well as the other sites.

RE: Zoning.
It’s possible to make the zones too complicated to manage, so be sure in any Network Redesign, Security Rebuild, or Risk Management strategy to consider the operational footprint of the end-state on the business.

Often times Network Zoning will introduce new business processes that can become too rigid to maintain. The end result is the weakening of the zone defenses. The best way to combat such an issue is to consider the maturity of the business and typical operational needs. I would never recommend a rigid, complex security program for a business that is likely to bypass the resulting processes and procedures that Network Zoning introduces.

Cheers!
Brian

Comment on Network Zoning (The Zone) by fathi alwosaibi

fathi alwosaibi — Thu, 07 May 2009 18:46:20 +0000

i also have done some research on network zoning and i will be posting my experience with the concept. pls. check my web site fathi.fathialwosaibi.net

Comment on PIX Parsing (Usable Logs!) by Roberto

Roberto — Thu, 12 Mar 2009 22:57:34 +0000

Hi,
I change the parameters of the firewall and now I am receiving messagess in my DB…
Check the configuration of your FW…

Comment on Is YOUR HelpDesk hurting you? by Tiffany

Tiffany — Sun, 22 Feb 2009 11:25:45 +0000

Well, i had my pc infected by 13 things.
luckily my dad done something in setup.
he deleted all my programs, i’ve got windows XP home edition now, so it runs more faster than it did, i remember my pc having its first scan and there was only 10..
Next day i downloaded something and i did’nt know what the hell it was….
Scanned, and it came up with 13!!!!
but thats before. god my pc was slow back then , even though i get tbe same old things, programs going down… getting some lag and it disapeers.. but atleast i scanned and it found nothing Im safe with the web, maybe cause i went on the site named: zango.com before the night it was ruined? ? ? Maybe so…
-Tiffany

Comment on Tweaking PLA: Using rsyslog by RMvP

RMvP — Fri, 06 Feb 2009 06:39:11 +0000

Hello,

the result is:
You supplied the following log message:
Feb 5 14:08:45 de9cf000 2009 Feb 5 14:08:44

Resulting in these matches using a default regex filter of:
(.*):(.*) (.*) (.*) (.*) (.*) (.*:?:?)
_________________________________________________________

]> match 1: Feb 5 14:08
]> match 2: 45 de9cf000
]> match 3: 2009 (default pixhost)
]> match 5: (default pixmonth)
]> match 6: 5 (default pixdate)
]> match 4: Feb (default pixyear)
]> match 7: 14:08:44 (default pixtime)
_________________________________________________________

I changed in syslog-ng the datetime to $S_ISODATE and it works
You supplied the following log message:
Feb 5 14:39:30 de9cf000 2009-02-05T14:39:30+0100

Resulting in these matches using a default regex filter of:
(.*):(.*) (.*) (.*)-(.*)-(.*)T(.*)[+-]
_________________________________________________________

]> match 1: Feb 5 14:39
]> match 2: 30
]> match 3: de9cf000 (default pixhost)
]> match 5: 02 (default pixmonth)
]> match 6: 05 (default pixdate)
]> match 4: 2009 (default pixyear)
]> match 7: 14:39:30 (default pixtime)
_________________________________________________________

but I must also change ## Calculates correct date
%months = ( from “Jan”,”01″, to “01″,”01″, etc.

thank you for support.