
May 2007

May 31, 2007

Source NATing

This morning on the Cobia Forums, we had a question about the creation of a basic firewall rule configuration.  As was pointed out by Paul Crook, without any setup the Cobia firewall module allows all outbound traffic and responses, but blocks incoming traffic, because of the default Final Rule.  If you're using live, assigned IPs on your internal network, the firewall should pass the traffic through automatically and work without any additional configuration.

On the other hand, if you're like most of us, you'll be using a non-routable class B or C network, such as 192.168.x.x, on your internal network and need to do Network Address Translation or NAT. KC Berg stated that it'd be a cake walk to make the rule and I thought it was worth taking a few minutes to put together a quick screen capture of how to create this in Cobia.

From the base of the Firewall module, select 'Configure firewall', 'NAT Rules' and 'add rule' in the Source NAT section (left image).  I named the rule Cake Walk, set the Incoming interface to my private network and my outgoing interface to the public network (right image).  Hit OK twice to commit the rules and all traffic from the internal network will be given an external IP address as it exits the network.
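What that one rule does, and why the default Final Rule still lets replies back in, is easier to see in a small model.  The following is an added example, not Cobia's own code and not anything from the original post: a toy stateful source NAT in Python that rewrites outbound packets to a public address and port, remembers the mapping, and drops any inbound packet that doesn't match a remembered mapping.  The 192.168.1.0/24 private range, the 203.0.113.10 public address and the remote hosts are constructed values.

```python
import ipaddress
import itertools


class SourceNat:
    """Toy stateful source NAT (hypothetical model, not Cobia's implementation).

    Outbound packets from the private side get the public address and a fresh
    public port; the mapping is remembered so the reply can be mapped back.
    Inbound packets with no remembered mapping are dropped, which is the job
    the default final 'deny everything else' rule does for you.
    """

    def __init__(self, private_net, public_ip, first_port=40000):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        # public port -> (inside ip, inside port, remote ip, remote port)
        self.by_public_port = {}
        # (inside ip, inside port, remote ip, remote port) -> public port
        self.by_flow = {}

    def outbound(self, src, sport, dst, dport):
        """Packet leaving via the public interface; returns the rewritten
        (src, sport, dst, dport) or None if the source is not on our side."""
        if ipaddress.ip_address(src) not in self.private_net:
            return None
        flow = (src, sport, dst, dport)
        if flow not in self.by_flow:
            public_port = next(self.next_port)
            self.by_flow[flow] = public_port
            self.by_public_port[public_port] = flow
        return (self.public_ip, self.by_flow[flow], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet arriving on the public interface; returns the de-translated
        tuple for a known reply, or None (drop) for anything unsolicited."""
        if dst != self.public_ip:
            return None
        flow = self.by_public_port.get(dport)
        if flow is None:
            return None                      # no mapping: falls to the final deny
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (src, sport) != (remote_ip, remote_port):
            return None                      # port is mapped, but not to this peer
        return (src, sport, inside_ip, inside_port)


def demo():
    """Walk one connection through the model with constructed addresses."""
    nat = SourceNat("192.168.1.0/24", "203.0.113.10")
    # an internal host opens a web connection; it leaves with the public address
    out = nat.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    # the server's reply matches the mapping and is sent back inside
    reply = nat.inbound("198.51.100.7", 80, "203.0.113.10", out[1])
    # a probe at the public address hits no mapping and is dropped
    probe = nat.inbound("198.51.100.9", 4444, "203.0.113.10", 22)
    return out, reply, probe
```

A real translation table also keys on the IP protocol and ages entries out; both are left out here so the mechanism stays visible.  The point the model makes is that the NAT state, not a separate "allow replies" rule, is what distinguishes a response from an unsolicited connection.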

I chose a simple configuration like this to start, but I'll be creating quick Cobia walkthroughs like this in answer to questions from the forum or when I do something interesting on my own network.  Let me know if there's a scenario you'd like to see us talk about.  You can drop us a line at cobia@stillsecure.com.

New Security Blogs

I read a lot of security blogs and there are more good ones being started all the time.  I like to draw people's attention to them so that new bloggers can grow and flourish, adding their own ideas to the mix.  And I hope to encourage new bloggers to keep posting by bringing additional traffic to their site. 

A good example of a new blog that has plenty of potential is the new Google Security Blog.  Most everyone agrees that Google has some very intelligent people, but until now we didn't really have someplace to read their writing.  I just hope they start posting more often.  As I commented on the Dark Net site, they're going to have to post regularly to build the audience they deserve.

On the 1-man IT Department blog, Michael is a security expert in the early stages of his career.  I strongly encourage using blogging as a way to grow professionally, something friends like Michael Farnum and Cutaway will echo.  I've been promised a review of Cobia, so I'll be checking back often. 

David Whitelegg isn't pulling too many punches on his IT Security Expert site.  He's in the UK and so has a slightly different perspective than the majority of security bloggers, who are mostly American.  I really liked his rant against Google.  I love using Google products, but I hate thinking of the amount of information they keep in their database that can be tracked to me and my habits.

Do you know of anyone else who's come onto the security bloggers scene lately?  Let me know.  I think someone was going to organize a blogger meet up at Black Hat.  I'll let you know when I find out more.

May 30, 2007

Photos of Cobia folks

We took a few pictures at Interop of the Cobia booth and the Cobia Community, a habit we'll be carrying on at future shows.  You can view the pictures on Flickr or in the right side bar.   We had a lot of fun taking the pictures and  hope it gives you faces to put with the names we sometimes mention on the podcast.

In case you haven't already heard, we're also looking for photos of Cobia users in famous or noteworthy places.  Live near a world-renowned landmark or have the best built server room in the western hemisphere?  Send us a picture of you there at cobia@stillsecure.com.  We'll feature your photo on the site and you might even win something special.

We'll add more pictures every event, so keep coming back to take a look.  Maybe you'll show up in one soon.

Using Cobia on VMware?

One of the exciting things about using Cobia is running it in VMware. Thousands of people have downloaded the Cobia VMware images (Windows and Linux). I've had numerous comments from Cobia users about how fast you can have a firewall, router or other network services up and running, pronto. Many users' introduction to Cobia is trying it out on VMware and some elect to continue running Cobia on VMware.

If you are running Cobia in VMware, Martin and I would love to talk to you. We are working to learn how Cobia users are using the product and how VMware has helped you with your networking needs.

Using Cobia on VMware? Send us an email at cobia@stillsecure.com. We're looking forward to talking to you!

Furniture shopping and Cobia

Right now, my wife is online looking at new office furniture.  Because I'm spending a lot of my time working from home, she wants her computer out of my office and I'm not complaining.  She has a modest budget for an armoire-type computer desk in the living room, the type that folds away when you're not using it.  The search has already been going on for a week, but hopefully she'll find something soon.

This will also mean redesigning portions of my network, something I'm looking forward to.  As it currently stands, my Linksys wireless router is sitting behind another Linksys router which in turn sits behind a third Linksys router that acts as my external firewall.  My DMZ sits between the two wired routers and my local network is on the same router as the wireless router.  My wife's computer is currently sitting on the local ethernet network.

When we find the piece of furniture she wants, her computer will have to move to the wireless network.  I'm building a Cobia server to act as the firewall for the wifi network, directly connected to the DSL router.  The Linksys WRT54G will attach to the Cobia firewall, which will probably also become my secondary DNS server eventually.  It'll simplify that portion of the network a lot, and hopefully clear up some of my issues with the kids' wifi.  Next thing is to rate limit the wife and kids' connection so I can keep all the bandwidth for myself!  Or not, if I don't want to run afoul of my wife.

I can't wait to reclaim the room in my office as well as clean up my network a little.  I think I'm going to have to reset the WRT54G because I misplaced the password, but that's a small price to pay.  I'll take notes and post a write up here.  Once we've selected the furniture, that is.

May 29, 2007

Passing along good luck

At Interop last week Jason Welsh won the first of the iPod Nanos we gave away for wearing a Cobia t-shirt in the Cisco booth right by the front door.  Jason was pretty excited to win the Nano, but he's even more excited to be giving it away to a member of the Welsh Foundation.  The Welsh Foundation concentrates on local community events in Southern California.

Jason is working to help folks on a local scale and he's using his new iPod Nano to help him recruit additional members.  Jason has a long list of the activities he's been doing and what he's got going on in the near future.  Jason is a great example of someone who deserves the title of 'Evangelist' for his local community.

For an example that's a little closer to home, I'll be attending Securanoia 2007 in Boston next month.  The National Information Security Group in Boston is having The Race for Security to benefit the Caitlin Raymond National Registry.  Mike Rothman will be presenting based on his successful book, The Pragmatic CSO, which should be worth attending the event by itself.  Getting to drive a go-kart for a couple of hours is just icing on the cake.

Let me know if you or a local users group is helping contribute to your local community.  I'd love to hear more examples of how the Cobia Community is helping local communities.  And let me know if we can do anything to help.

Blocking Bogons

I like revisiting the basics from time to time.  It just seems like a good idea to me to go back and make sure you've got a good foundation to work from before moving on to more complex tasks.  And by taking another look at the simple stuff from time to time, it helps me understand and remember how it relates to the more esoteric security considerations we sometimes run into.

One of the things the developers did in the Cobia firewall module was to automatically create a final firewall rule that drops all traffic.  This is the good, old, "if it's not explicitly allowed, it's denied" rule.  It's a simple rule, with not much to it, but it's one I've seen forgotten more than once.  Having it created by default means one more thing you don't have to worry about.

When I was recently in Texas at TRISC, I got to sit down and listen to Mark Loveless, aka Simple Nomad, talk about evading IPS/IDS.  One of the methods he mentioned was how hackers use 'dark' or unused IP addresses to perform reconnaissance and attacks against networks.  Some of these are addresses that have been assigned but aren't currently used, such as spare public IP addresses, but a large number of them are bogons.

What are bogons?  According to the Team Cymru Bogon Reference page, "A bogon prefix is a route that should never appear in the Internet routing table."  In other words, a bogon is an IP address no one should be using.  And since no one should ever be using IP addresses from the bogon list, there's no reason we should be allowing this traffic into or out of our networks. 

Creating ingress and egress filters to deal with the bogon list is fairly simple, but it will take a few minutes to set up the first time since the list is fairly long.  Team Cymru provides the list in several forms, and updates it regularly to remove newly allocated addresses and add disputed or unused ones.  While you're creating these filters, I'd suggest adding another to block inbound traffic that claims to originate from your own subnet range; there's no reason you should ever see this type of traffic, so block it.
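To make the filtering logic concrete, here is an added example that is not part of the original post and not Cobia's code: a small Python bogon filter that parses a prefix-per-line list (the shape of Team Cymru's aggregated text list, with '#' comment lines, which is an assumption about that format), then applies the three checks described above: drop ingress from a bogon source, drop ingress that claims to come from your own range, and drop egress to a bogon destination.  The prefix list is a constructed excerpt of well-known reserved ranges, and 203.0.113.0/24 stands in for your own public subnet.

```python
import ipaddress

# Constructed excerpt of well-known reserved ranges, in the one-prefix-per-line
# form with '#' comments.  The real bogon list changes over time, so fetch the
# current one from Team Cymru rather than hard-coding it.
SAMPLE_BOGON_LIST = """\
# constructed excerpt, not the live Team Cymru list
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
"""


def load_prefix_list(text):
    """Parse a prefix-per-line list, ignoring blank lines and '#' comments."""
    prefixes = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            prefixes.append(ipaddress.ip_network(line, strict=True))
    return prefixes


def matches(addr, prefixes):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in prefixes)


class BogonFilter:
    """Ingress/egress sanity checks that sit in front of the normal rule set.

    own_networks is the address space you are actually responsible for; the
    bogon list is the address space nobody should be using at all.
    """

    def __init__(self, bogon_text, own_networks):
        self.bogons = load_prefix_list(bogon_text)
        self.own = [ipaddress.ip_network(n) for n in own_networks]

    def ingress(self, src):
        """Packet arriving from the outside world."""
        src = ipaddress.ip_address(src)
        if matches(src, self.bogons):
            return "DROP bogon source"
        if matches(src, self.own):
            # our own range can only show up as a source if it was spoofed
            return "DROP spoofed own-range source"
        return "ACCEPT"   # hand off to the normal rules (and the final deny)

    def egress(self, src, dst):
        """Packet leaving for the outside world, checked after source NAT."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if matches(dst, self.bogons):
            return "DROP bogon destination"
        if matches(src, self.bogons):
            # a private address escaping untranslated means the NAT rule missed it
            return "DROP unexpected private source (NAT miss)"
        return "ACCEPT"


def audit(filt, packets):
    """Run constructed (direction, src, dst) packets through the filter."""
    results = []
    for direction, src, dst in packets:
        verdict = filt.ingress(src) if direction == "in" else filt.egress(src, dst)
        results.append((direction, src, dst, verdict))
    return results
```

Order matters: the egress check has to run after source NAT, otherwise every packet from 192.168.x.x on your inside interface would be dropped as a bogon before it was ever translated.  Placing the egress rule on the public interface, as the Cobia rule above does for the NAT itself, avoids that.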

Blocking the bogon addresses is a simple process, but it's one we often overlook in a firewall installation.  It probably won't make a difference in your day to day networking, but if it gives someone trying to scout out your network one more hurdle to overcome, I think it's worth doing.  If you've got a good foundation to work from, then when the more complex problems come up, you've got your bases covered.

May 28, 2007

Interop 2007 is over and it was good

I'm still getting used to being on the vendor side of the aisle, but from my point of view Interop 2007 was a huge success.  Exhausting and incredibly draining, but worth every moment of the time we spent there.  It's taken me a couple of days for my initial recovery, and I'm sure almost everyone else is the same, but still something I'm looking forward to doing more of in the future.

If you've never been to an event like this, one of the first things that will impress you is the size of Interop.  I took a number of breaks to wander the showroom floor over three days, and I'm sure I missed a good portion of the booths.  It was hard to miss the huge booths like Cisco's and Extreme Networks', but wandering amongst the smaller booths, it was easy to overlook a vendor and then have them suddenly catch your attention the next go around.  Which is exactly why I toured the showroom several times, just to see as much as possible.

One thing that surprised me was the large number of wireless vendors at the event.  There was a whole section of the floor that had antennas sticking out all over the place.  I heard another vendor state that they almost felt like they were in a microwave every time they walked into that area, with all the yagi antennas and whatnot pointing their way.  There were more than a few antennas that I couldn't even identify enough to tell you what type they were, let alone how they were meant to be used. 

We had a good amount of traffic at our own booth.  Even though we started a couple of our presentations with only one or two people in the audience, by the time we'd finished, we filled almost every seat.  In fact, more than once we had standing room only, which surprised me more than a little.  We gave out shirts literally by the armload. Next time I think we'll bring a few more, since we ran out by the end of day two.

Speaking of shirts, ours was one of the big hits of the show: "What happens in Vegas, stays in Vegas ... unless you catch a virus!"  We not only had attendees coming by to tell us how much they liked the t-shirts, but other vendors too.  You know your shirt is a success when other vendors want to get one.

We gave an iPod Nano each day to someone who got their picture taken wearing a Cobia shirt in a competitor's booth.  One poor girl got her picture taken in a booth, but then couldn't escape from the vendor for over 15 minutes.  I don't know how other vendors do that; I'm more than willing to talk to anyone about Cobia, but when someone is done talking, I'm more than willing to let them go.  I guess some people think spending a lot of time with a potential customer is the same thing as answering their questions.  To each their own.

Our next big event is going to be Black Hat at Caesar's in July.  This is going to be a fun event; not only does it attract a much different crowd, we're also planning on having a hospitality suite with a Wii, games, drinks and other fun stuff every day.  If you want to take a load off after having spent some time on the showroom floor, this'll be the place to do it!  Plan on stopping by and having some snacks and drinks on us to help recharge your batteries.  After a couple of days on the showroom floor, you'll need the rest, trust me.  Especially if you're also attending DefCon, like I will be.

One last thing:  I need to extend a huge thanks to Jason Huggett, a Cobia user who joined us at Interop.  We flew Jason down to spend the convention with us and he worked at least as hard as anyone else in the booth.  Soon we'll be looking for a pair of Cobia users to join us at Black Hat, so keep an eye on the blog for more information.  You could end up being the next Cobia user to join us at an event.    

May 23, 2007

We have a winner!

We're giving an iPod Nano away each day here at Interop using a scientific process sure to astound you.  We gave out a ton of t-shirts all day and told people we'd be taking pictures of folks we see wearing the t-shirts in competitors' booths.  We roughly defined 'competitors' as just about any other booth at the event.  Then we sent Jason Huggett, our guest Cobia user, out with a digital camera to look for folks.

He came back at the end of the day with a camera full of pictures and we chose Jason Welsch as the winner for the day, mainly because he went and camped in the Cisco booth and then sent his compatriot back to the booth to make sure Jason would find him.  We figured that sort of adventurous spirit deserves some sort of reward. 

We'll be giving out another of the iPods tomorrow and again on Thursday afternoon.  If you're at the event, wear your Cobia shirt and maybe you can be the next one to win.  And if you ham it up a little when Jason finds you, it might just help your chances to win the prize, you never know.

May 21, 2007

Cobia's growing up

We've got some exciting announcements about Cobia this week at Interop: two partner programs, the Cobia appliance and paid-for support!  We've had huge amounts of interest from the partner channels, which means more options and support for everyone using Cobia.

We're working with a number of Value Added Resellers (VARs) to provide support and installation services for Cobia.  If you don't have the time or expertise to do a full installation of Cobia yourself, these are the people who will help you do it.  Our VAR partners will provide support and training on Cobia and will help you use it to its fullest.  Our ISVs are creating additional modules that will allow you to extend the power of Cobia by using products like Cymphonix for traffic filtering or ArcMentor for dealing with Instant Messaging traffic.  We've got a lot more partners coming, which will really give you a lot to choose from.

Second, we're working with Portwell to offer a pre-configured Cobia appliance.  These systems are sweet, with a ton of options to choose from.  Our modular architecture and their configurable hardware make an excellent partnership, which means you get the best product possible.  This isn't an old style fixed appliance, it's fully upgradeable, both from a hardware and a software perspective. 

Finally, we're announcing paid-for support in addition to the Cobia Community.  Do you work for one of those companies that doesn't like open source because "there's no support"?  We're offering commercial support via email and phone 24x7, which will silence those concerns. The support in the forums is still there, but this will give you a much more immediate method for solving any problems you run into.  And it'll let your boss sleep a little better at night.

If you're in Las Vegas this week at Interop, stop by the Cobia booth.  You can see the Portwell system in action and will be able to talk to the folks from Cymphonix each day.  Not to mention you can get a t-shirt and possibly win an iPod Nano.  See you there!
