Barracuda Web Application Firewall, Cloud Edition: Now on Windows Azure

by Shijaz Abdulla on 16.01.2014 at 18:30

image

Barracuda Networks offers a fully scalable security solution running in Windows Azure to protect services from different types of attacks. For any projects requiring extra security Barracuda Web Application Firewall can be used for Security-as-a-Service option.

The Barracuda Web Application Firewall, Cloud Edition is the first integrated, fully scalable security solution on Windows Azure. With predefined security templates and load balancing built in, companies of all sizes can enjoy total application security with no need to learn, configure, and manage complex technology. Download the Barracuda WAF on Azure whitepaper to learn more on why application firewalls makes sense in Azure.

  • Comprehensive protection against inbound attacks – including zero-day exploits and the OWASP Top 10
  • Advanced Outbound data loss prevention (DLP) to ensure confidential data stays that way
  • Automatic security updates and virtual patching through Energize Updates to stay ahead of new and evolving threats.

“RPC Server is unavailable” error when requesting a certificate

by Shijaz Abdulla on 06.02.2010 at 00:29

While trying to request a certificate using the Certificates MMC snap-in on a computer running ISA Server, Threat Management Gateway (TMG) or Unified Access Gateway (UAG), you may encounter the following error:

“The RPC Server is unavailable”

image

This may be caused due to the RPC Filter in ISA Server/TMG. The RPC filter ensures security by monitoring RPC traffic flowing through the firewall. DCOM traffic is also dropped by this filter. However, DCOM is required to request a certificate.

To workaround this problem, disable strict RPC compliance setting on ISA Server/TMG. Here’s how to do it:

  • Right click on Firewall Policy and choose Edit System Policy .
  • Under Authentication, select Active Directory configuration group
  • Uncheck the Enforce Strict RPC Compliance option.

image

  • Click OK and apply your changes.

Of course, you will also need to create a firewall policy rule to allow all traffic from Localhost to Internal. Once you have requested the certificate you can revert these changes.

image

You can now request certificates from your ISA Server/TMG computer!

Threat Management Gateway 2010 now available

by Shijaz Abdulla on 28.11.2009 at 18:24

TMG LogoMicrosoft Forefront Threat Management Gateway has been released to market on November 16, 2009 after completing three beta releases and receiving extensive customer feedback.

You can download the trial version of Threat Management Gateway here.

From the Forefront TMG team’s blog:

“Forefront TMG is a Secure Web Gateway (SWG) that improves security enforcement by integrating multiple detection technologies such as URL filtering, Anti Malware, and intrusion prevention into a single, easy-to-manage solution. We have seen a lot of interest in the features that comprise this solution, so here is some information on what they do and how:

  • URL Filtering: URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or nonproductive materials, based on URL categories. TMG features over 80 URL categories including security-oriented categories, productivity-oriented and liability-oriented categories. Forefront TMG uses Microsoft Reputation Services (MRS), a cloud-based categorization system hosted in Microsoft data center. To ensure the best bandwidth utilization and low latency, Forefront TMG has implemented a local URL cache. There is a lot more on URL Filtering available in an earlier URL Filtering post (on the TMG blog).
  • Anti Malware: Stopping malware on the edge significantly decreases the possibility that a virus will hit a computer with anti-virus signatures that are not up-to-date or a test computer without an anti-virus to protect it. TMG has integrated the Microsoft Anti Malware engine to provide world class scanning and blocking capability on the edge.
  • Network Inspection System (NIS): NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities, to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities, researched and developed by the Microsoft Malware Protection Center – NIS Response Team, as well as an operational signature distribution channel which enables dynamic signature snapshot distribution. NIS closes the vulnerability window between vulnerability disclosures and patch deployment from weeks to few hours.
  • In addition, HTTPS scanning has been introduced to enable inspection of encrypted sessions, eased the deployment and management with a set of easy to use wizards and significantly improved logging and reporting to provide full visibility into how your organization is accessing the web and whether it’s compliant with your organization’s policy.
  • VPN, Firewall, Email Protection and Infrastructure.
    Significant investments have been made to ensure that we keep delivering top notch VPN and Firewall functionality. We made quality improvements in Web Caching and made sure it works well with the new Windows 7 BranchCache feature. We have added several new features, among them: Email Protection, ISP redundancy, NAP integration with VPN role, SSTP, VoIP traversal (SIP support), Enhanced NAT, SQL logging and Updated TMG Client (previously known as the Firewall Client). In addition TMG was built as a native 64bit product that supports Windows Server 2008 R2, and Windows Server 2008 SP2, allowing better scalability and increased reliability.”