Re: Firewall Upgrade

[Mike Osterman <ostermmg () WHITMAN EDU>]

Ben,

How exactly are you blocking SMTP effectively? We were advised that setting SMTP to "block" would be a bad idea as it 
would keep retrying.

-Mike

On Feb 14, 2014, at 10:19 AM, Ben Parker <BParker () CHICORPORATION COM> wrote:

> Disclaimer: reseller
> Where I have seen the largest impact from places we have put wildfire is blocking zero day viruses coming in via 
> smtp. An amazing amount of those things are now seen as new threats by a lot of antivirus vendors. Basically all the 
> fax or shipping report type of stuff.
>
>
> Sent from my Verizon Wireless 4G LTE Smartphone
>
>
> -------- Original message --------
> From: Mark Rogowski 
> Date:02/14/2014 11:55 AM (GMT-05:00) 
> To: SECURITY () LISTSERV EDUCAUSE EDU 
> Subject: Re: [SECURITY] Firewall Upgrade 
>
> Interesting conversation and good feedback for sure.  And yes, CST, although it is daylight right now…  ;-)
>  
> The reason I bring this up is we are just beginning to deploy a PA and only have the AV/AM service running right now. 
>  Initial observations is that it is picking up Conficker just fine but nothing else.  Obviously things need to be 
> tweaked, but I honestly was expecting to see more action out of it from the get-go.  Looking at the Spyware 
> signatures they don’t seem to get updated very often.
>  
> Our ISP deployed a FireEye appliance on a 30 day trial last year.  For that month we observed a significant drop in 
> malware infections.  So I was hoping the PA with the Wildfire service could be as effective.  We didn’t subscribe to 
> the Wildfire service yet, and may request a trial before committing to said service.
>  
>  
> Mark Rogowski  CISSP, CISM
> IT Security / Information Security Office
> University of Winnipeg
> Ph: 204-786-9034
>  
>  
>  
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf OfRoger A 
> Safian
> Sent: Friday, February 14, 2014 10:19 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Firewall Upgrade
>  
> I agree on wildfire, and URL filtering.  In fact, the URL filtering, which we primarily wanted as another layer to 
> prevent phishing, was terrible.  My guess is it works great, in say a bank, but, in a university, the categories 
> aren’t that useful.
>  
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf OfHall, 
> Rand
> Sent: Friday, February 14, 2014 10:04 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Firewall Upgrade
>  
> Like Roger said, YMMV. Most people have many layers of defense. No layer is magic. OpenDNS blocks some stuff for us. 
> PA DNS anti-hijacking firewall rules block stuff. Threat Protection on PA blocks some stuff. Basic Wildfire alerts on 
> some stuff. Desktop AV still blocks some stuff. PA Threat Protection blocks/alerts on post-infection C&C traffic.
>  
> The basic Wildfire service that comes with Threat Protection is pretty good for what it is. The premium service is 
> overpriced, IMHO (as is URL filtering).
>
>            
> Rand
>  
> Rand P. Hall
> Director, Network Services                 askIT!
> Merrimack College
> 978-837-3532
> rand.hall () merrimack edu
>  
> If I had an hour to save the world, I would spend 59 minutes defining the problem and one minute finding solutions. – 
> Einstein
>  
>
> On Fri, Feb 14, 2014 at 10:25 AM, Mark Rogowski <m.rogowski () uwinnipeg ca> wrote:
> Forgive the derailing of this thread, but given all the chatter regarding Palo Alto, I am very curious to know how 
> effective the product is at stopping malware.  PA touts they have strong anti malware protection - is this in fact 
> true?  Have any of you noticed a drop in your end point infections?
>
> Mark Rogowski  CISSP, CISM
> IT Security / Information Security Office
> University of Winnipeg
> Ph: 204-786-9034
>
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
> Michael Horne
> Sent: Friday, February 14, 2014 8:48 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Firewall Upgrade
>
> I will also give a +1 to Palo Alto, We replaced a pair of aging Nortel branded check points with a pair of PA 5020's. 
> We are very pleased with them and I personally would recommend them as well. A lot deeper view into what's happening 
> on the network as well. Rule creation is not bad either once yopu get the mind shift changed to zone / application 
> based vrs just a port based FW.
>
>
> Michael Horne
> Network Engineer
> Olin College of Engineering
> 1000 Olin Way, Milas Hall, Suite LL18
> Needham, MA 02492
> 1-781-292-2438
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russo, 
> Dan
> Sent: Thursday, February 13, 2014 2:19 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Firewall Upgrade
>
> We are looking into upgrading our Firewall. I was wondering if anyone had anything to offer in regards to what you 
> are using and the pros/cons associated to it.
>
> Thanks,
>
> Dan