Monthly Archives: December 2009

WAF vs IPS (or Four Things Your IPS Can’t Do)

I see this often and I am always amused at the topic. I have worked with IDS/IPS for 8 years, so I know IPS when it was just a flavor of IDS that no one wanted to enable for fear of blocking access to users and customers. I chuckle at the thought of WAF being a glorified IPS. My how times have changed.
Here are four things that your WAF can do that your IPS can’t. I tried to keep this vendor agnostic.

Please feel free to pile on or comment, just no flames please!

WAF vs IPS?
Web Application Firewalls, as the name implies, work with web applications almost exclusively. Most WAF are often not best-of-breed traditional firewalls, and should not be implemented in place of a traditional network firewall. Typical WAF deployments feature SSL decryption of web application traffic and blocking of web-based threats after the WAF reassembles each web session. This is possible because the WAF operates at the application layer where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses live.
Read more…

Advertisements

CCNP Wireless – Not for the Faint

I recently had the privilege of reviewing some CCNP Wireless material. Although my CCNA expired a long time ago, I’ve worked with a lot of CCNP’s, CCIE’s, and Cisco gear (including wireless) over the years. I expected the material and content to be similar to other Cisco material I’ve read/studied. I have a CCNP Study Course sitting on my desk, if I can ever get to it.

Anyway, after reviewing the syllabus for CCNP Wireless, I can honestly say that you’re a Cisco Wireless Guru if you can pass all four of the exams without doing at least one cram course or buying the soon-to-be on-the-market Study Guides. You’ll need some strong experience and a good instructor to tackle this beast.
Read more…

Five Classic Web Attacks

While reading through my blog inbox and writing up my 2010 Wishlist for work, I thought I’d drop a quick post to highlight five web security ‘problem areas’ that still exist after at least a decade of patches, pleas, and regulatory requirements.

  • SQL Injection
  • Hack the Web Server
  • Cross Site Scripting
  • Cookie Tampering
  • Session Hijacking

I often find myself explaining what these are and providing examples, in order to garner support for remediation.
Read more…