The Difference Between a Firewall and an SBC

If a firewall is a gate, a session border controller is a canal. Whereas a gate can only be opened or shut, canals have a series of trenches which are filled and then released. This buffer allows much more complex checks and adjustments than a simple open or shut gate. Session Border Controllers have some of the Layer 2-4 port controls, but where they really shine is in their Layer 7 capabilities.

via 2600hz Blog • The Difference Between a Firewall and an SBC.

How Skype & Co. get round firewalls

Network administrators who do not appreciate this sort of hole in their firewall and are worried about abuse are left with only one option – they have to block outgoing UDP traffic, or limit it to essential individual cases. UDP is not required for normal internet communication anyway – the web, e-mail and suchlike all use TCP. Streaming protocols may, however, encounter problems, as they often use UDP because of the reduced overhead.

via How Skype & Co. get round firewalls – The H Security: News and Features.

20 Iptables Examples For New SysAdmins

This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4, and ip6tables, which handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

Via Linux: 20 Iptables Examples For New SysAdmins.

Open Source SQL Database Security, SQL Injection Prevention

GreenSQL is a Database Security solution.

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). A commercial version of GreenSQL supports Microsoft SQL Server, MySQL and PostgreSQL. The GreenSQL Express version is available for FREE at GreenSQL.com.

via Open Source SQL Database Security, SQL Injection Prevention.

Edge Series Adaptive NAC Systems

Edge10G solution is the industry’s first 10Gig Adaptive Network Access Control (Adaptive NAC) appliance that provides identity-based access to the network, controlling access at the edge via granular policies and continuous enforcement for 10Gig networks. With 10x the speed, you can also deploy the Edge10G as a Top Of Rack security solution.

via Milton Security Group – Edge Series Adaptive NAC Systems.

pfSense Open Source Firewall Distribution

pfSense Open Source Firewall Distribution – Home.

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.

Linux: The hole trick to bypass firewall restriction

Linux: The hole trick to bypass firewall restriction.

As long as remote is behaving itself, it will send back a “port unreachable” response via ICMP – however this is of no consequence. On the second attempt
    remote# echo "hello" | nc -p 53 -u local-fw 14141
The netcat listener on console local/1 then coughs up a “hello” – the UDP packet from outside has passed through the firewall and arrived at the computer behind it.