Two years ago I wrote regarding Dual Firewall DMZ design. While (I hope) it does well to illustrate how a DMZ can operate, admittedly it’s a clumsy design and not one I’d recommend. First and foremost, DMZ design has to meet the needs of implementation; there is no one-size-fits-all solution. That said, I want to […]
Palo Alto – URL Filtering
Today we’ll ease into Palo Alto Threat Prevention with a post on URL Filtering. As the name suggests, URL Filtering allows you to shape and control web traffic as it traverses your firewall. If you missed it, we previously defined the objects, rules and policies required to create a basic perimeter firewall which you can […]
Dual Firewall DMZ
Creation of a DMZ allows you to place externally-facing services in an isolated security zone so that the internal network is not exposed to the outside world. Today we’ll take the textbook DMZ example one step further by subdividing the DMZ into external and internal zones. Instead of a single firewall and DMZ switch we’ll […]
Securing Secure Shell
The best way to secure a server is to limit its attack surface. The most reliable way to secure your server is to shut it down, unplug it and store it behind lock and key. Unfortunately, this is not practical and defeats the purpose of serving. We need to find a reasonable middle ground. While […]