On Feb 28, 2010, at 10:09 AM, Kris Price wrote:
Is protecting against vulnerabilities in the network stacks of the hosts a non-issue these days?
Not typically. And note that exploits against the network stacks, 'inspectors', and so forth of stateful firewalls abound.
Since I'm not up to speed with what DDoS attacks consist of these days, do you have any good links to information, papers, presentations, etc., on what these attacks consist of? I'm particularly interested in what they're up to in terms of crafting legit requests, are they primarily trying to flood links by downloading large files, or use resources by running scripts, etc?
These may be of interest:
http://www.arbornetworks.com/report
http://files.me.com/roland.dobbins/y4ykq0
http://files.me.com/roland.dobbins/k54qkv
One of the advantages of firewalls is they generally come with good management systems, i.e. the ability to manage ACLs without writing them by hand.
Not in my experience, and I spent a decade working for the largest vendor of firewalls in the world. All the commercial ACL-management systems I've seen are junk. Matasano are supposed to be working on something actually useful, though I've yet to see it.
Any thoughts with regards to the best practise, or state of the art, these days in terms of managing ACLs on routers?
Most folks use some sort of versioning system combined with custom scripts. A rational IP addressing scheme helps a great deal, as well.
If I have servers that need to make outbound requests as well, any thoughts for how this is best managed, i.e. stateless inbound, stateful outbound?
Do it via a proxy; communicate with the proxy via a separate interface (doesn't even have to be globally reachable).
-----------------------------------------------------------------------
Roland Dobbins
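
Added example, not part of the original message or any tool it mentions: one shape the "versioning system combined with custom scripts" approach can take, rendering a stateless inbound router ACL from a small policy kept in version control. The role names, the documentation addresses, the ACL name and the Cisco IOS-style output syntax are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample policy (hypothetical roles, RFC 5737 documentation addresses).
# In practice this data would live in version control next to the script.
POLICY = {
    "web": {"hosts": ["192.0.2.16", "192.0.2.17", "192.0.2.18", "192.0.2.19"],
            "allow": [("tcp", 80), ("tcp", 443)]},
    "dns": {"hosts": ["192.0.2.53"], "allow": [("udp", 53), ("tcp", 53)]},
}

def dest(net):
    """Format a destination in IOS-style syntax: 'host A' or 'A wildcard-mask'."""
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def render_acl(name, policy):
    """Render a stateless inbound ACL as a list of lines.

    Roles and rules are sorted so the same policy always yields the same
    text, which keeps diffs between committed versions small and reviewable.
    """
    lines = [f"ip access-list extended {name}"]
    for role in sorted(policy):
        spec = policy[role]
        nets = [ipaddress.ip_network(h) for h in spec["hosts"]]
        # A rational addressing scheme pays off here: contiguous, aligned
        # server addresses collapse into a single prefix per rule.
        merged = list(ipaddress.collapse_addresses(nets))
        lines.append(f" remark {role}")
        for proto, port in sorted(spec["allow"]):
            for net in merged:
                lines.append(f" permit {proto} any {dest(net)} eq {port}")
    lines.append(" deny ip any any")
    return lines

if __name__ == "__main__":
    print("\n".join(render_acl("EDGE-IN", POLICY)))
```

With the four web servers numbered out of one aligned /30, each web rule is a single line; scattering the same servers across the subnet produces one line per host per port.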