Web Application Firewall placement in the network.

Web application firewall (WAF) is not an alternative to Next Generation firewall, security is best archived in layers and WAF provides an extra layer of protection to your web server and applications. It is recommended to place your WAF appliance behind the perimeter Next Generation firewall and in front of your web server farm.

Internet <—–> Next Generation Firewall <——> Web Application Firewall <——> Web Server Farm & Internal Network.

Good references:

http://www.imperva.com/waf/

http://www.imperva.com/resources/videos.asp

McAfee Enterprise Firewall Virtual Appliance for Free.

McAfee offers a 30 day free evaluation copy of their Enterprise firewall as a virtual appliance. If you are considering replacement from traditional firewalls to Next Generation firewalls you should check it out.

reference.

http://go.mcafee.com/firewallvirtual_eval.cfm

Juniper knowledge base search plugin for Firefox

Juniper has a plugin for Firefox that can be used for easy search of their knowledge base articles.

Go to http://kb.juniper.net and click on ‘Install Search Engine PlugIn’

Command to find REALM for Kerberos Authentication in Cisco ASA firewalls

To find the REALM for configuring Kerberos authentication, run the following DOS command on your domain controller and hit enter

set USERDNSDOMAIN

ThIS output is needed when configuring Cisco ASA firewalls clients for Kerberos authentication

ASA CLI configuration example:

aaa-server KerberosGroup protocol kerberos
aaa-server KerberosGroup (inside) host 192.1.1.100
kerberos-realm XYZ.MYDOMAIN.COM