firewall – Incoming and outgoing connections from the Squid proxy?

I am using the Squid proxy and I am trying to block certain connections (inbound and outbound traffic) from a certain IP address. However, if I refuse all connections (http_access deny all), this only blocks connections that I have established with websites, for example; if I use another PC and I try to ssh or bet on the PC which has the Squid proxy, it is authorized. How can I block traffic from and to a specific IP or DNS? Is it possible to do this with Squid?

If not, what is the best way to do it?

Thank you.

firewall – Is it possible to bypass the .htaccess protection?

So, I was involved in one of the projects where the client site and the admin panel / dashboard were hosted on different sites. Not like a lot of CRMs or 90% of the common sites (just in /admin or another URL location on the root client site), but literally on different areas.

To access the interior of the dashboard login page, the user must make a request to the client site (open to everyone), on a specific URL, where, after a process with some questions / verification, their IP is added to the database. On the dashboard site a script runs which retrieves the array of trusted IP addresses and rebuilds the root .htaccess according to the pattern every x minutes. The final .htaccess file looks like this:


Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
Allow from...
List of approved IPs line by line goes here

I want to make the same configuration in one of my applications and work on it. Because the IP whitelist is located in the header of the root .htaccess file, there is no chance of uploading a file / subdirectory / URL to this domain; I will always get a 403 error.

As I understand it, all MySQL payloads will be dropped by the server before they even reach the application with PHP / MySQL. The question that bothers me: what kind of attacks are still possible on this dashboard, with such a .htaccess configuration as root, on the latest Apache 2.4? Maybe there are ways to get around it, with difficult headers or something like that?

From what I can think of, the only possible ones are:

  • XSS attacks on the customer site, in case the data is not filtered and printed in the dashboard.
  • CSRF attacks on the dashboard if you know of whitelisted users and application structure.
  • Brute force and scanning of non-web ports such as FTP, SSH, SMTP, etc., where requests will not be deleted due to the .htaccess whitelist.

What other possible attacks should I consider while working on security? (Including attacks on the client site that linked or spoke with this dashboard)

Thank you
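
The rebuild step described in the post above, as an added example that is not part of the original post or of the project's own script: because the allowlist rows originate from the public client site, each one is parsed as an IP or CIDR before it is written, and the file is replaced atomically. The function names, the sample rows and the minimum prefix lengths are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

# Fixed part of the pattern shown in the post.
HEADER = ["Order Deny,Allow", "Deny from all",
          "Allow from localhost", "Allow from 127.0.0.1"]
# Assumption: refuse ranges wider than these so one bad row cannot allow everyone.
MIN_PREFIX = {4: 24, 6: 64}

def render_htaccess(entries):
    """Return (file_text, rejected_rows) for the stored allowlist rows."""
    allowed, rejected = {}, []
    for raw in entries:
        try:
            # Parsing rejects anything that is not exactly one IP or CIDR,
            # including values with embedded newlines or extra directives.
            net = ipaddress.ip_network(str(raw).strip(), strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)
            continue
        host = net.num_addresses == 1
        allowed[str(net.network_address) if host else str(net)] = True
    lines = HEADER + ["Allow from " + a for a in allowed]
    return "\n".join(lines) + "\n", rejected

def write_atomically(path, text):
    """Write beside the target, then rename, so Apache never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except Exception:
        os.unlink(tmp)
        raise

# Constructed sample rows, as the public verification site might have stored them.
SAMPLE_ROWS = ["203.0.113.7", " 198.51.100.0/24 ", "203.0.113.7",
               "0.0.0.0/0", "192.0.2.9\nAllow from all", "not-an-ip"]

if __name__ == "__main__":
    text, rejected = render_htaccess(SAMPLE_ROWS)
    print(text, "rejected:", rejected)
```

Rejected rows are returned rather than silently dropped so the rebuild job can log them for review.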

VPN firewall recommendations | Web Talk Hosting

Hello, I've been active here for a while, but I hope to be much more active in the future (moderators, please move this to the appropriate forum if this is not the case)

We have a client who requires that all traffic from his clients be routed securely via VPN to our infrastructure. We are currently using a Mikrotik and it makes our head a bit sore, which is very surprising given that it has been recommended by many of the network engineers I have consulted. We have seen VPNs fall for no reason, and sometimes the speed is very slow even if the traffic is light.

We are now looking for alternatives and I have been recommended Barracuda and Sonicwall. I definitely prefer the Barracuda interface to Sonicwall, but I look at the statistics and Sonicwall seems to offer much more than Barracuda for the price. I have talked to several suppliers who work with Sonicwall and they like it and it's the only thing they use or hate but I can't figure out why (again, I was not a fan of the interface).

We are currently testing the current configuration, but the client should be brought online as soon as possible. The client will have site-to-site VPNs configured for each of their customers who have a hardware firewall in their office and a software VPN client for those who do not have one. Speed is crucial as they are constantly transferring data and load times must be fast. We have set up IPSEC tunnels that seem to do the trick, but again, the current configuration is not the most stable and I would like to have a solution in place that can deliver the performance they need before going to scale.

What can you recommend and why? If you need more information, please let me know. Also, if you can recommend suppliers of networking hardware that I can contact, that would also be much appreciated!

Thank you for your time!

network – Can a firewall duplicate denied traffic on a TAP / SPAN port?

We have a number of Palo Alto firewalls at various points in our infrastructure, for east-west, north-south and DMZ traffic, all managed with Panorama. These firewalls have TAP ports that are connected to a Network Packet Broker (NPB) platform that balances session flows and captures all traffic as PCAP. Often, I will want to investigate traffic that the firewall has refused – either incoming attack traffic from the Internet, or internal east-west traffic that is incorrectly blocked. However, it would appear that only the traffic that the firewall has allowed to pass is reflected on the TAP port. Is it possible to configure firewalls to also reflect denied traffic? How would it be done?

firewall – Safely use the old Windows XP machine in the corporate network

It is not uncommon to have these machines unsupported and vulnerable in an organization. It is important to perform a risk assessment to determine the impact of any vulnerability.

High level risk assessment

Threats:

  • Internet connections mean remote threats are a problem
  • Local network connections mean that threats within the network (or remote threats that have accessed the network) are an issue
  • Local physical access to the machine means that anyone who can interact with the machine can be a problem

Impact:

  • Network connections mean that the machine can be used to attack the rest of the network.
  • Any access means that all sensitive data on the machine is in danger (if there is sensitive data on it, like manufacturing designs)
  • Any access means that the configurations or parameters of the machine can be modified in a malicious (and dangerous) way

Mitigation:

  • reduce or eliminate network connections
  • reduce or eliminate physical access to machines by unauthorized persons

Your specific case

Without knowing the more specific requirements of your company's machine:

If you need internet access (and it really can't be replaced by some other measure), you should cut it off from the rest of your network as much as possible and allow it to receive only emails and manufacturer connections, and prevent connections outside. Your perimeter and your internal firewalls come into play here to design a new network. You also want to be able to monitor and recover from anomalies that occur on the machine.

What I have done in similar situations is to turn the machine into a virtual machine (VM), use VM tools to take snapshots, go back, etc. and use the hypervisor to control access, networking and monitoring. Machine virtualization is not always possible, however.

firewall – Unable to open 8888 from a VM host to a Linux guest

I started a Jupyter notebook service on a Linux guest. There is no problem for me to access it from a browser within the guest, with the guest address as localhost:8888.

When I tried to access it from my host, it didn't open for me.

I have checked with ping / telnet; this shows that the ping is good but telnet to the port fails to connect.

I also temporarily closed the firewall on my host; no change.

How to solve a problem like this?

vpn – Wireguard Server Firewall Help, Centos 8

I have a working CentOS 8 server with pretty much everything I want, except for a WireGuard server. I have tried many different tutorials and configs, digging with firewall-cmd and so on, but I can't connect to the server … I managed to connect to the WireGuard server when I'm on the same network … which is pretty useless (the connection was also VERY slow). I want to be able to connect from any device from anywhere as long as I have the key. Should I change the WireGuard network area in firewall-cmd?

Changing the password on the Palo Alto Networks firewall has no effect

By default, the Palo Alto Networks PA-220 is delivered with the superuser name admin / password admin. I can change them (either via ssh > set password or via the web GUI Device > Administrators > admin). But the password seems to remain administrator.

This is true even if I click Validate on the web GUI, and it indicates that the validation was successful.

(This is a brand new firewall, not yet licensed.)

Azure – Allow Web App to access KeyVault with firewall

I have an Azure KeyVault which is secure at the network level. I only allow connections from 2 specific virtual networks / subnets.

However, I also want one of my web applications (outside the subnets) to be able to recover the secrets of KeyVault. I have added an access policy to allow my web application to get and list the secrets.

I thought this setting, "Allow trusted Microsoft services to bypass this firewall?", would be sufficient to allow my App Service to access KeyVault (they are in the same subscription). Apparently this is not the case.

What setting should I use to keep my firewall rules and allow my web application to retrieve secrets?

VPN – How to bypass the Fortinet firewall?

I'm new to cybersecurity. I want to know what is the best method to bypass the Fortinet firewall. I tried to use VPNs but the firewall blocks them; the VPNs do not connect. I have tried Tor, but it does not connect either. Which tool should I use? Also, this is my first question about this battery swap, so if this is off topic or not published with the appropriate requirements, please guide me in the comments.