cutting tcp/ip connections over linux firewalls

Network security administrators sometimes need to abort TCP/IP connections routed over their firewalls on demand: to terminate SSH tunnels or VPNs that employees left in place overnight, to cut off an attack as soon as it is detected, to stop a download that is consuming too much bandwidth, and so on. There are many potential applications.

This article describes how a Linux iptables-based firewall/router can send the right combination of TCP/IP packets to both ends of a connection to make the endpoints abort the conversation. It walks through the steps required, and introduces a new open-source utility called “cutter” that automates the process. One caveat to keep in mind: an endpoint only honours a reset whose sequence number falls inside its receive window, so the firewall has to be in the path of the flow it is cutting in order to know the addresses, ports and sequence numbers to use.
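The following is an added example, not code from the article or from cutter itself. It shows what the firewall actually has to emit: one RST segment spoofed from each peer, addressed to the other, with sequence numbers the receiver will accept. The connection tuple and sequence numbers are constructed sample values, assumed to have been read from the firewall's own view of the flow (for instance from conntrack or a packet capture; how cutter obtains them is not reproduced here). The script only builds and validates the segments; injecting them on Linux needs a raw socket with IP_HDRINCL and root privileges, which is left out.

```python
"""
Build the TCP reset segments a firewall would inject to tear down one
TCP connection it is routing. Added example; not code from the article
or from cutter. Connection tuple and sequence numbers are constructed,
assumed to come from the firewall's view of the live flow.
"""
import socket
import struct

TCP_RST = 0x04
TCP_ACK = 0x10
TCP_HEADER_FMT = "!HHIIBBHHH"   # 20-byte TCP header, no options


def _ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum arithmetic: 16-bit words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment.
    Returns 0 when the segment's checksum field is already correct,
    which is exactly how a receiver validates it."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return (~_ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags) -> bytes:
    """Assemble a 20-byte TCP header with the checksum filled in."""
    hdr = struct.pack(TCP_HEADER_FMT, sport, dport, seq & 0xFFFFFFFF,
                      ack & 0xFFFFFFFF, 5 << 4, flags, 1024, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def decode_segment(segment: bytes) -> dict:
    """Unpack the fixed TCP header fields for inspection."""
    f = struct.unpack(TCP_HEADER_FMT, segment[:20])
    return {"sport": f[0], "dport": f[1], "seq": f[2], "ack": f[3],
            "flags": f[5], "checksum": f[7]}


def cut_connection(client_ip, client_port, server_ip, server_port,
                   client_next_seq, server_next_seq):
    """Return (to_server, to_client): one RST/ACK spoofed from each peer.

    client_next_seq / server_next_seq are the sequence numbers each side
    will send next, i.e. what the *other* side currently expects (RCV.NXT).
    A receiver only honours a RST whose sequence number is inside its
    receive window, so both values must be taken from the live flow.
    """
    to_server = build_segment(client_ip, server_ip, client_port, server_port,
                              client_next_seq, server_next_seq,
                              TCP_RST | TCP_ACK)
    to_client = build_segment(server_ip, client_ip, server_port, client_port,
                              server_next_seq, client_next_seq,
                              TCP_RST | TCP_ACK)
    return to_server, to_client


# Constructed sample flow: an SSH tunnel from an inside host to an outside
# server, as the firewall would see it. Not real traffic.
CLIENT_IP, CLIENT_PORT = "10.0.0.5", 51514
SERVER_IP, SERVER_PORT = "203.0.113.7", 22
CLIENT_NEXT_SEQ = 0x11223344
SERVER_NEXT_SEQ = 0xAABBCCDD

if __name__ == "__main__":
    to_server, to_client = cut_connection(CLIENT_IP, CLIENT_PORT,
                                          SERVER_IP, SERVER_PORT,
                                          CLIENT_NEXT_SEQ, SERVER_NEXT_SEQ)
    for label, src, dst, seg in (("-> server", CLIENT_IP, SERVER_IP, to_server),
                                 ("-> client", SERVER_IP, CLIENT_IP, to_client)):
        ok = tcp_checksum(src, dst, seg) == 0
        print(label, decode_segment(seg), "checksum ok:", ok)
```

Each segment carries RST|ACK with the sender's next sequence number and the peer's next sequence number as the ACK value, so it looks to the receiver like a legitimate reset from the other end. If the firewall guesses the sequence numbers instead of reading them from the flow, the endpoints will silently drop the resets and the connection survives.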

double snorting

This quick article covers running two instances of Snort to capture two opposing sets of data. The first sensor catches “everything” the rule set can describe, giving the operator a picture of the state of the Internet as a whole; the second catches only what is of immediate interest, filtered so that only the threats that could affect the operator's own network are recorded. I like this article due to the explicit instructions on installing and running Snort.

intro to security and much more

This site is basically a paper giving an introduction to security, but it has so many links that it is a very nice little page to keep around and explore from, even if the linked sites and topics are already familiar. A very nice intro compilation.

rules of thumb for security and defense

Joat posted this, so I’m going to copy it over:

Just keep in mind the general rules of thumb for security:

  • It’s not “if” someone is going to break in, it’s “when”…
  • in the real world the best you can hope for is fifteen minutes of fame, in the virtual world, the best you can hope for is fifteen minutes of obscurity… (quote mine)
  • there’s no such thing as a secure online system…
  • and adding technology rarely adds security.

The general rules of thumb for countering attacks:

  • Log as much as practical
  • review your logs automatically AND manually
  • employ a consistent backup schedule
  • use your metrics, be able to recognize what’s normal and what isn’t
  • the most expensive investment in security is also the one you’ll get the best return on: knowledge

Regardless of what personnel and what cool toys you have guarding your network, someone, somewhere, sometime will break into your network.