Ads 468x60px

Featured Posts

22 July 2019

Outdoor Wireless Link



I studied IT engineer in Extremadura where I had to take lots of maths subjects. I also took subjects about application development and operating systems. All of them were interesting. However, today, I’m mainly working with networking and security. I only took one subject about security, it was optional, and I also took two subjects about networking, but I think it’s enough to take the plunge to do networking and security projects because we have to keep studying day in day out. For instance, I didn’t take any subject about Wireless Links but I had to study how they work and how to configure them.

I’ve already had the luck of working on two projects about Wireless Links. One of them was to broadcast free WiFi in a small town and the other one was to connect several buildings in the middle of the countryside. Two interesting projects. These days, I’m working on a new project to connect two buildings because there is no Internet connectivity in one of them. Therefore, I have to plan an Outdoor Wireless Link where I have to take into account the distance between buildings as well as the Line of Sight (LoS), Fresnel zone, fade margin, frequency, channel width, signal-to-noise ratio (SNR), etc.

Outdoor Wireless Link

There are software which are very useful for planning outdoor wireless links such as Radio Mobile and AirLink. These software help us to choose features such as frequency, channel width, etc. For instance, we’ll have to choose a free frequency or a licensed frequency. If we want to use a free frequency in 2,4 GHz or 5 GHz, we’ll have to configure an EIRP accordingly to the country where we are going to install the wireless link. However, if we want to use a licensed frequency, we’ll have to require that license to the government.

AirLink

These software also help us to know if there is Line of Sight (LoS) between sites. This is very important because LoS allow us to know if the wireless link will be successful. However, if there is no LoS, we won’t know the wireless link performance during the planning phase. For instance, if there is a partial obstruction with a mountain, there could be attenuation, reflection or refraction. It’s also important to highlight how low frequencies can propagate to great distances with little attenuation.

Line of Sight - LoS

When we are going to choose an access point to install a wireless link, we also have to take into account what is the network going to be used for because VoIP traffic has not the same network requirements than Data traffic. For instance, VoIP traffic needs 50 PPS while Video streaming traffic needs 1000 PPS.

TCP-IP Packet
To sum up, there are lots of technical features we should know before installing an outdoor wireless link. The Line of Sight, frequencies, channel width, etc should be studied carefully to install a wireless link successfully. Therefore, if we want an efficient and reliable wireless link, we’ll have to study these concepts at University or by ourselves.

Regards my friends. Drop me a line with the first thing you are thinking!

15 July 2019

FortiWeb - SQLi Test



I’ve already written a lot about Web Application Firewall (WAF). I think these appliances are useful for securing web applications in layer 7 from sophisticated attacks such as XXE attacks or CSRF attacks. In fact, I’ve already deployed, installed and configured several WAF appliances such as F5 BIG-IP ASM and AWS WAF. However, I had never deployed, installed and configured the Fortinet FortiWeb WAF appliance till last week.

Fortinet FortiWeb is a Web Application Firewall which has many more web security features than Fortinet FortiGate to block Web Application Attacks. For instance, FortiWeb can be configured with Machine Learning to protect web applications from known and unknown exploits. Therefore, FortiWeb defends applications from known vulnerabilities and from zero-day threats. I think, FortiWeb is easy to manage and configure like any other Fortinet family appliance. In addition, Fortinet Security Fabric can also interoperate with FortiWeb.

There are lots of network topologies to deploy a WAF. On the one hand, we should always deploy a WAF after the Network Firewall, so that WAF is between the firewall and web servers. WAF and IPS are not the same. Most network firewall have an IPS which is useful to block layer 3 attacks such as IP Spoofing Attacks or DoS Attacks. However, WAF is useful to block layer 7 attacks. Therefore, we should block layer 3 attacks before layer 7 attacks.

FortiGate + FortiWeb

On the other hand, we should deploy a WAF before the load balancer, so that WAF is between the load balancer and the clients. There are two main reasons for this deployment. Firstly, we don’t have to balance WAF devices thus we’ll balance real servers. Secondly, HTTP requests will correctly appear to originate from the real client’s IP address, not (due to SNAT) your load balancer.

FortiWeb + FortiADC
 
These are two recommendations for planning the network topology. However, we have to take into account another one. We should know the router mode and the one-arm mode. The router mode is the topology where real servers gateway is the WAF, therefore, there is no SNAT but we need a new network to deploy the WAF between real servers and the network firewall. The one-arm mode is easier to deploy because we don’t need a new network but SNAT configuration is required, therefore, the X-Forwarder-For (XFF) header have to be enabled to know the client’s IP addresses.

One-arm mode topology
 
FortiWeb is easy to configure and manage. If we want to configure a basic security policy to defend a web application, we’ll have to configure a server pool, a virtual server and a server policy. Firstly, the server pool is the real servers which are going to be defended. Secondly, the virtual server is the WAF IP address which is going to listen HTTP/S requests. Finally, the server policy is the security configuration to defend the server pool in the virtual server IP address. For instance, we can watch a basic security configuration in the next video to defend a web application from a SQLi attack.


select * from users where LAST_NAME = ‘” + userName + “’”;
select * from users where LAST_NAME = ‘Lim’ OR ‘1’=’1’”;

Regards my friends. Have a nice day!
Related Posts Plugin for WordPress, Blogger...

Entradas populares