WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Grey Hat SitesInsecure.orgCheck out the online home of the well-known security researcher Fyodor, who authored nmap,the best port scanning tool available. From this site you can download nmap and 74 othersecurity tools from others, many of them excellent. Insecure.org serves as a repository fornumerous other security lists which may not have an archive of their own (such asFullDisclosure). If you don't want to junk up your Favorites with every security list (BugTraq,FullDisclosure, Pen Test, etc.) bookmark this one site and you can find them all from here.Governmentsecurity.orgDespite its name, this site is not sponsored by a government. Like many of the other sites we'verecommended, it archives daily security news. But our favorite feature is the moderated securityforums, where you can discuss relevant topics (ranging from general network security, to howto compile and run specific exploits) with other network administrators.Microsoft TechNetIT professionals running a Windows network look here for the latest Microsoft security bulletins.Pro: Authoritative source for Microsoft security fixes. Con: Microsoft's alerts minimize the trulybad implications of some vulnerabilities, sometimes unfairly. Bring a suspicious mind to thepart of each alert that talks about "mitigating factors" that supposedly reduce risk. Net: If youuse Windows, you've got to visit here at least monthly.CERT.orgThis government-funded source of security advisories describes itself as "a center to coordinatecommunication among experts during security emergencies and to help prevent futureincidents." Pro: CERT does an excellent job of coordinating information when vulnerabilities arefound in the most commonly-used Internet resources. Con: Because their work is "official" andbecause so many vendors can have a say in CERT's advisories, this is often the last entity to issuea security advisory. Net: Pretty much the final word on anything Internet-related and notowned by a private vendor. A must for your arsenal of resources.Grey Hat SitesWe characterize these security researchers as "grey hats" because, unlike white hats, they might notinform the appropriate manufacturer before publicly revealing their findings and posting exploit code(often passed off euphemistically as "proof of concept" code). Technically they're not breaking laws oracting maliciously, like "black hats." But announcing security holes before vendors can fix them is likegiving an army a map of the castle they're attacking, with a big red arrow marking the secret entrance.Grey hats commonly claim their behavior contributes to overall security by making vendors watchthemselves more diligently. Whether that is true is a battle we'll leave to someone else.Nonetheless, "grey hat" sites are worth inspecting when you want to understand more about how a particularvulnerability works. These sites are often the first to reveal new vulnerabilities, much sooner thanyou'll get the info from the appropriate vendor. When trying to prioritize how urgently you need topatch flawed software on your network, flaws where the exploit code is publicly posted should go to thetop of your list. To learn whether exploit code is publicly available, monitor our LiveSecurity alerts, andcheck some of the following sites.Unpatched Internet Explorer BugsResearchers have found numerous security flaws in Internet Explorer that Microsoft has notpatched yet. Some holes are serious (for example, one enables a hacker who has lured you tohis malicious Web site to silently install and execute code on your computer). Liu Die Yu's site80 WatchGuard System Manager
Other Web Sitesmaintains a list of these unresolved flaws. Many of his descriptions include workarounds thatminimize the vulnerability while we all wait for Microsoft's patch.Packetstormsecurity.orgThis site offers a repository of the Top 20 security tools, advisories, and exploits, updatedthroughout the week.K-otik.comThis French site is usually the first place you’ll find significant exploit code. They also archivenotable white papers in various languages, so multilingual administrators can get a world ofsecurity instruction here.2600.comThis Web site supplements the printed journal 2600 , the seminal, well-known "hacker'squarterly," where programmers inform one another of new flaws, exploits, and attacks oneverything from networks to phone systems. Worth a read so you can realistically assess thestrength of your countermeasures.Other Web Siteswww.howstuffworks.comSimple explanations of how all kinds of things, including system and network components,work.www.zebra.org/zebra/index.htmlOnline gnu zebra configuration document for Firebox users using dynamic routing protocols.www.watchguard.com/support/advancedfaqs/log_sniffing.aspCheck here for information on a useful Network Packet Analyzer.www.iana.orgLook here for lists of protocol number assignments and TCP and UDP port numbers.www.telusplanet.com/public/sparkman/netcalc.htmA network calculator.www.winguides.com/registry/A good site for information about the Windows registry.www.watchguard.com/glossary/?nav=icOnline glossary of security terms.vmyths.comSome viruses you hear about are not real. Though each of virus vendor has a “virux hoax” page,when we have to prove to a hysterical user that a problem doesn’t really exist, we like the writeupshere.slashdot.orgFor fun, no self-respecting geek should miss viewing science, pop culture, and the world ofcomputers through the perspective of the IT-minded community (millions strong!) whocontribut to Slashdot.Reference Guide 81
Page 1 and 2:
WatchGuard ® System ManagerReferen
Page 3 and 4:
ContentsCHAPTER 1 Internet Protocol
Page 5 and 6:
CHAPTER 1Internet Protocol Referenc
Page 7 and 8:
Internet Protocol HeaderKeyword Num
Page 9 and 10:
Transfer ProtocolsSource RoutingThe
Page 11 and 12:
CHAPTER 2MIME Content TypesSoftware
Page 13 and 14:
Type Subtype Reference (where avail
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
CHAPTER 3Services and PortsWell-kno
Page 25 and 26:
Well-Known Services ListPort(s) Pro
Page 27 and 28:
Well-Known Services ListService Nam
Page 29 and 30:
Well-Known Services ListService Nam
Page 31 and 32:
CHAPTER 4Log MessagesUnderstanding
Page 33 and 34: Traffic LogsFWAllowEach packet filt
Page 35 and 36: Traffic Logsdst_ip="66.35.250.151"
Page 37 and 38: Traffic LogsDNS Proxy Traffic Log M
Page 39 and 40: Traffic LogsHTTP Proxy Traffic Log
Page 41 and 42: Alarm LogsPolicy AlarmsDefaultNameP
Page 43 and 44: Alarm LogsDenial of Servce (DoS) Al
Page 45 and 46: Event LogsGateway AntiVirus Service
Page 47 and 48: Event LogsDescription of Log Module
Page 49 and 50: Event LogsEvent Log Message Catalog
Page 59 and 60: Firebox Log File XML DTD and Schema
Page 61 and 62: Firebox® X Edge Log MessagesModule
Page 73 and 74: CHAPTER 5WebBlocker ContentWatchGua
Page 75 and 76: WebBlocker CategoriesCategoryDrugs,
Page 77 and 78: WebBlocker CategoriesCategoryJob Se
Page 79 and 80: CHAPTER 6ResourcesThere are many re
Page 81 and 82: Mailing ListsMailing Listswg-users@
Page 83: White Hat Web Sitesbeginners. Cons:
Page 87 and 88: RSS Feedswww.sophos.com/virusinfo/i
Page 89 and 90: IndexBblocked sites, searching for
show all

WSM Reference Guide - WatchGuard Technologies

Create successful ePaper yourself

Delete template?

Save as template?