Next Generation Firewalls: It’s all about tuples

By Michael Kassner
November 28, 2011, 11:23 AM PST

Takeaway: Next-generation firewalls have been around for several years, but garnered little interest. That’s changing as first-generation firewalls aren’t keeping up.

IT professionals responsible for perimeter defenses are frustrated.

Case in point: Internet traffic of all shapes and sizes traverses port 80. Meaning, port 80 must remain open. Bad guys know this. So port 80 becomes their private malware highway. And trucks, full of malcode, drive right past the check point.

There is hope

I’d like to introduce Next Generation Firewalls (NGFWs): firewalls designed to filter packets based on applications. To continue my analogy, the trucks loaded with malcode can’t drive right past the checkpoint anymore.

Other features incorporated in NGFWs:

  • Enforce company regulations: NGFWs are able to control user access to websites and online applications as required.
  • SSL Proxy: NGFWs are able to decrypt, inspect, and re-establish the encrypted SSL connection. This eliminates encryption as a method of hiding malware.
  • IDS/IPS: NGFWs have incorporated deep packet inspection to the point where standalone IDS/IPS devices are not required.
  • Active-Directory friendly: Many NGFWs are able to authorize application usage based upon individual user profiles or groups.
  • Malware filtering: NGFWs provide signature and reputation-based filtering to block malicious applications that have a bad reputation.


Palo Alto Networks was the first company to offer a NGFW. For information about NGFW requirements per Palo Alto Networks, please check out this white paper (above slide). Barracuda Networks, Juniper Networks, and WatchGuard also offer NGFW solutions.


Just about every blog post I’ve read about NGFWs mentioned tuples. I had no idea what they were. Hopefully, you do. If not, here’s what I found out.

An N-tuple is a collection of attributes. In the case of firewalls, these attributes are used to define access requirements. N is a placeholder representing the number of attributes in the list. For example, a 5-tuple “firewall allow rule” might include:

  • Source IP address
  • Source port (typically: any)
  • Destination IP address
  • Destination port (80 or 443)
  • Destination protocol (typically TCP)

So, if the packet being inspected has all of the correct attributes, the firewall will allow it to pass.

Widening the 5-tuple

I thought I was “good to go” after figuring out what a tuple was. Then I read something about “widening the 5-tuple”. Widen a tuple. Does that even make sense?

Let’s see if it does.

As mentioned earlier, a first-generation firewall rule employs a collection of 5 attributes or 5-tuple. That is sufficient to carry out stateful port and protocol inspection, Network Address Translation, and Virtual Private Network technology.

A 5-tuple rule set is not sufficient for NGFWs. Next Generation Firewalls need additional attributes such as application type and user identity in order to work as advertised. To understand why, consider the port 80 analogy, one last time.

If it’s discovered that the truck carrying malcode has an illegal license plate, the truck ain’t going anywhere. The same applies to malcode. If its license plate — “application type” attribute — is incorrect, the malcode is blocked from continuing on.

The additional attributes or tuples are “widening the 5-tuple”.
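
The difference between a 5-tuple rule and a widened one, as an added example that is not part of the original article. The rule fields, application labels, user names and sample flows are constructed for illustration, and the application and user attributes are assumed to have already been determined by the firewall.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Optional, Sequence

ANY = None  # wildcard: the rule does not constrain this attribute


@dataclass(frozen=True)
class Flow:
    """One connection as the firewall sees it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    # The two attributes below are what an NGFW adds. How the device derives
    # them (traffic classification, directory lookup) is outside this sketch.
    application: str = "unknown"
    user: str = "unknown"


@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    src_port: Optional[int] = ANY
    dst_net: str = "0.0.0.0/0"
    dst_ports: Optional[FrozenSet[int]] = ANY
    protocol: Optional[str] = ANY
    applications: Optional[FrozenSet[str]] = ANY  # widened attribute
    users: Optional[FrozenSet[str]] = ANY         # widened attribute

    def matches(self, flow: Flow) -> bool:
        """Every attribute the rule constrains must match the flow."""
        return (
            ip_address(flow.src_ip) in ip_network(self.src_net)
            and self.src_port in (ANY, flow.src_port)
            and ip_address(flow.dst_ip) in ip_network(self.dst_net)
            and (self.dst_ports is ANY or flow.dst_port in self.dst_ports)
            and self.protocol in (ANY, flow.protocol)
            and (self.applications is ANY or flow.application in self.applications)
            and (self.users is ANY or flow.user in self.users)
        )


def evaluate(rules: Sequence[Rule], flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default action."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


WEB_PORTS = frozenset({80, 443})

# Classic rule: source IP, source port (any), destination IP (any),
# destination port, protocol. Application and user stay wildcarded.
FIVE_TUPLE_RULES = [
    Rule("allow", src_net="10.0.0.0/8", dst_ports=WEB_PORTS, protocol="tcp"),
]

# The same rule widened with application type and user identity.
WIDENED_RULES = [
    Rule("allow", src_net="10.0.0.0/8", dst_ports=WEB_PORTS, protocol="tcp",
         applications=frozenset({"web-browsing"}),
         users=frozenset({"alice", "bob"})),
]

# Constructed sample flows, all to TCP port 80 (labels are hypothetical).
BROWSING = Flow("10.1.2.3", 51514, "203.0.113.10", 80, "tcp", "web-browsing", "alice")
NON_WEB = Flow("10.1.2.4", 51600, "203.0.113.66", 80, "tcp", "unclassified-binary", "alice")
UNKNOWN_USER = Flow("10.1.2.5", 51700, "203.0.113.10", 80, "tcp", "web-browsing", "unknown")


def compare() -> Dict[str, Dict[str, str]]:
    """Verdict for each sample flow under both rule sets."""
    flows = {"browsing": BROWSING, "non_web": NON_WEB, "unknown_user": UNKNOWN_USER}
    return {
        name: {
            "5-tuple": evaluate(FIVE_TUPLE_RULES, flow),
            "widened": evaluate(WIDENED_RULES, flow),
        }
        for name, flow in flows.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:13s} 5-tuple={verdicts['5-tuple']:5s} widened={verdicts['widened']}")
```

All three flows look identical to the 5-tuple rule, so it allows them all; the widened rule allows only the flow whose application and user both match.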

Confession time: I did not find a clear-cut explanation of how tuples relate to firewalls. But, article after article mentioned tuples. So, I jumped in. If my explanation is wrong, I hope firewall and database admins that better understand will bail me out.

Survey says

The Ponemon Institute just completed a survey of NGFWs for Sourcefire, Inc. The infographic (partially shown below) provides several interesting statistics, particularly what is driving interest in NGFWs and the percentage of respondents noticing performance degradation:

Final thoughts

The race toward sophistication between malware and antimalware continues. Stay tuned.

Free Windows utilities you should download right now

Everyone who works on a Windows computer has his or her favorite system utilities. But, there are a handful of must-have tools that no Windows user or IT support pro should be without. During this week’s episode of TR Dojo, I give you a list of free Windows utilities that you should download right now.

To keep things simple, I’ve divided the list into five separate categories. And while dozens of applications may fall into each category,

1. Cleaners: CCleaner

Five tips for using Ccleaner to degunk your system
How do I … remove unwanted files with Ccleaner in one click?
Product Spotlight: CCleaner

2. Uninstallers: Revo Uninstaller

Uninstall applications from Windows with Revo Uninstaller
How do I uninstall applications from Windows with Revo Uninstaller?

3. Defragmenters: (UltraDefrag, MyDefrag, Smart Defrag, and Defraggler)

Four free defragmentation tools for power users

4. Remote support tools: CrossLoop

Take control of any Windows PC on the Internet with CrossLoop
Quick and easy remote support with CrossLoop

5. Password recovery and reset utilities: Offline NT Password and Registry Editor

Reset Windows passwords with the Offline NT Password and Registry Editor
Reset lost Windows passwords with Offline Registry Editor

Microsoft buys Skype for $8.5 billion; creates new business division

The rumors were right. Microsoft announced on May 10 that it bought Skype, an Internet communications vendor, for $8.5 billion.

Instead of trying to mash Skype into an existing Microsoft business division, the company has decided to create a new, separate Skype business division, with Skype CEO Tony Bates as the newly minted President. Bates will report directly to Microsoft CEO Steve Ballmer.

In its press release announcing the deal, Microsoft played up the potential synergies between Skype and its own communications offerings, including its Lync VOIP platform, Outlook mail, Messenger instant-messaging, Hotmail Web mail and Xbox Live gaming service.

“Skype will support Microsoft devices like Xbox and Kinect, Windows Phone and a wide array of Windows devices, and Microsoft will connect Skype users with Lync, Outlook, Xbox Live and other communities. Microsoft will continue to invest in and support Skype clients on non-Microsoft platforms,” said the release.

Microsoft offered no timetable or further details as to when and how it will make Skype available as part of any of its existing product offerings.

According to earlier reports, Microsoft was bidding against Google and Facebook for Skype. As my colleague Larry Dignan noted, the $8.5 billion Skype purchase price made for one expensive game of keepaway.

Today’s deal with Skype marks Microsoft’s largest acquisition (dollar-wise) in the history of the company. For the past couple of years, Microsoft execs seemingly had decided that Microsoft’s history of assimilating successfully its big acquisitions (aQuantive, Danger, AdECN, Bungie, etc.) was not so great, resulting in the company shying away from anything but relatively minor, targeted acquisitions

  • Xbox 360 Kinect + SkypeTV: There is already a video chat feature on the Kinect but a Skype-login and interface could encourage more people to make this a part of their Xbox experience. Skype is already on some televisions so integration with the Xbox seems to be a good fit.
  • Windows 7 OS + Nokia + Skype: This could be quite a powerful combination as more and more smartphones are equipped with front-facing cameras and make use of the 4G network, which means video calls will only become the norm on mobile devices. Plus, it gives the partners an edge against Apple’s proprietary Facetime application. Skype users are also able to send SMS messages from the Web to handsets so this could be a great bonus for future customers with Nokia phones running Windows 7.
  • MSN Messenger + Skype: Hopefully, Messenger will be replaced with Skype because IMing on Skype is a breeze but uninstalling Messenger from machines running Windows is a hassle. The combination of Messenger and Skype users will give G-Chat and Google Voice some competition (perhaps to finally roll out to more countries)
  • Outlook + Skype: By integrating your Skype contacts with your email address book to make voice and video calls, Microsoft is looking to the beefed up Outlook to better compete with Gmail/G-Chat/Google Voice.
  • MS Lync, Xbox Live + Skype: These new groups will expand Skype’s user base, according to the press release.

Last night, AllThingsD reported that Microsoft dealmaker Charles Songhurst was key in helping Microsoft CEO Steve Ballmer broker the Skype deal. Interestingly, Songhurst also was credited with helping convince the Microsoft brass to call off the Yahoo acquisition.

Microsoft Office 2010 Filter Pack Released

With the retail availability of Office 2010 just a couple of days ago Microsoft has released the official and final filter pack which has been updated to include the new file formats in the newest version of Office.

So what is the filter pack?

The Microsoft Filter Pack is a single point-of-distribution for Office IFilters. IFilters are components that allow search services to index content of specific file types, letting you search for content in those files. They are intended for use with Microsoft Search Services (Sharepoint, SQL, Exchange, Windows Search).

Install this product if you want to search for content in the file types listed below.

The Filter Pack includes:

* Legacy Office Filter (97-2003; .doc, .ppt, .xls)
* Metro Office Filter (2007; .docx, .pptx, .xlsx)
* Zip Filter
* OneNote filter
* Visio Filter
* Publisher Filter
* Open Document Format Filter

System Requirements

* Supported Operating Systems: Windows 7; Windows Server 2003 Service Pack 2; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista Service Pack 1; Windows XP Service Pack 2; Windows XP Service Pack 3

The Microsoft Filter Pack requires the Microsoft Search Service.

Download the Microsoft Office 2010 Filter Packs

Office 2013 details surface on the web

Hot on the heels of the official worldwide release of Office 2010 yesterday, details have surfaced on the next version of the award winning suite – Office 15, or its likely name, Office 2013.

Microsoft Kitchen is reporting that they located a PDF file hosted on a Microsoft-partner owned server, describing details regarding next version of Microsoft Office.

“By the time Office 2010 was released, some Microsoft Engineers had already begun work on the next version (code-named Office 15).”

Microsoft Kitchen also noted that a few Microsoft employees have been writing information about products they are working on into their LinkedIn profiles. Josh Leong has written on his LinkedIn profile that he is:

“Designing the new visual & interaction experience for Office 15.”

And Ben Gable’s profile says he has:

“Designed major new feature to be introduced in Office 15”

The post notes that there are other new changes that have been mentioned across the web, such as Office Mobile 15 being considered in the planning, that collaboration is a key point in Office 15, and that it should see an Improved Automation Framework. The UI change comes as quite odd, considering the effort Microsoft has put into the ribbon and the integration they have built into Windows 7 and its built-in applications, so it is unknown how large the change could be.

It’s best to remember though, that these details can likely change, and this is very early in the lifecycle – considering Office 2010 was just released, it’s likely not many other details will emerge for a while.

Microsoft’s Office Web Apps go Live

Anyone keeping up with Microsoft Office news in the past year knows about Office Web Apps. With Office 2010, Microsoft has promised the world a free version of its world dominating office productivity suite via the web browser. Unlike traditional versions of Office, Web Apps will live in the cloud and have limited functionality. As of yesterday, the new service has gone live to the public.

On the Windows Team Blog, Microsoft has officially launched Web Apps for everyone in the US, UK, Canada, and Ireland. It is also accessible to other countries as well, just not yet in their native language. Web Apps is built around your personal SkyDrive, which gives you 25 GB of free online storage space for all of your documenting needs. With the desktop version of Office 2010, documents can also be saved to your SkyDrive, then revisited and shared online through your web browser. This makes accessing your personal files on-the-go a cinch. Web Apps also allows multiple people to collaborate on a single document simultaneously, while still maintaining a version history in case you ever need to go back in time. You can even view your saved documents on most smartphones.

At, you are greeted with your typical Windows Live ID login screen. Once inside, you will see the ability to create Word documents, Excel spreadsheets, PowerPoint presentations, or OneNote notes. You can also upload existing files from your PC, making the move to SkyDrive an easy one. If using a Silverlight enabled browser, you will gain the additional ease of dragging and dropping your files directly from your PC into SkyDrive.

Microsoft Download Manager for Windows

The Microsoft Download Manager enables you to download files from the Internet in a more reliable and faster way than using a browser alone.

Using the Download Manager makes it easier to download large files such as an application or multimedia files.

The Download Manager has been specifically designed to manage file downloads from supporting Microsoft Web sites in a secure and reliable way.

Once started, the Download Manager displays an easy-to-use interface that shows the status of downloads and enables you to resume downloads if they have failed.

The Microsoft Download Manager currently supports downloads from Web addresses starting with http://.

The Microsoft Download Manager requires one of the following operating systems: Windows XP SP2, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and supports the following Web browsers: Windows Internet Explorer 6, 7, 8 & Mozilla Firefox 2, 3.

Free eBook : Career Ideas from Microsoft

Microsoft is offering a free ebook: Own Your Future: Update Your Skills with Resources and Career Ideas from Microsoft, by Katherine Murray.

The ebook contains eight chapters and an appendix describing how you can assess and build your technology-based job skills.

In this book, students will find a wealth of Microsoft resources they can use to identify the technology skills they need, and gather knowledge and experience to help them take charge of their careers.

These resources will open doors to learning that will lead students to better opportunities and a deeper understanding of the way technology continues to change and improve the ways people work—both here in the U.S. and around the world.

Download Own Your Future: Update Your Skills with Resources and Career Ideas : XPS format | PDF format.

Microsoft Boasts 90,000,000 Windows 7 Sold

Windows 7: Over 90 Million Served.

Even when Windows 7 launched into a warm reception (and brisk sales), Microsoft didn’t reveal exact sale numbers for its new OS – until today.

Microsoft CFO Peter Klein announced at the Morgan Stanley Technology, Media & Telecom Conference that Windows 7 has sold 90 million licenses to-date.

Up until recently, Microsoft’s company line when boasting about Windows 7 sales was that it is the fastest-selling operating system in history, but without any accompanying number.

Microsoft Wants Internet Tax to Keep PCs Clean

Healthcare reform for PCs.
While speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney told attendees that the technology industry needs to change the way it approaches security issues.

The speech comes on the heels of Microsoft’s recent attempt to shut down the Waledac botnet through the court system. Microsoft has also spent millions to combat hackers and their devious programs slipping through minuscule OS and browser cracks.

“I actually think the health care model… might be an interesting way to think about the problem,” Charney said. PCWorld reports that he made references to government aid such as that provided by the Department of Social Services and the Department of Health, both of which provide healthcare programs to qualified Americans. Naturally, these are also funded by taxpayer dollars.

Borrowing the idea from the government, an Internet healthcare plan would inspect a computer and quarantine the “sick.” This would be ideal because, according to Charney, when a PC is infected with malware, it’s not only infecting the user, but contaminating friends and families at the same time, much like an epidemic.

But to make an Internet PC healthcare plan work, the system would need funds. “Maybe markets will make it work,” Charney said, possibly referring to ISPs. “You could say it’s a public safety issue and do it with general taxation.”

General taxation could work as an additional fee in a monthly subscription bill. The money generated from the “taxation” would fund an ISP-supplied software suite that provides malware, anti-virus, and firewall protection. However, many ISPs already offer internal or re-branded software for free to subscribers, renewing once a year.

The installation of software suites provided by ISPs is not mandatory.

Windows 7 Anti-Piracy Update Now Live

New patch checks for more activation hacks.
Earlier this month, we detailed that Microsoft was prepping a Windows 7 Update that would improve Windows Activation Technologies to detect more than 70 known and potentially dangerous activation exploits.

Those paying attention to their Windows Update will see that the patch KB971033 is now live. It’s not explicitly named anything to do with Windows Activation Technologies, as it’s simply termed an “Update for Windows 7.”

Microsoft previously pointed out that this update is completely voluntary and users can decline the update when it appears (though we can’t imagine why legitimate users would worry). Of course, if a hack or exploit is found, Windows 7 will alert the user by removing the desktop background and pop up periodic reminders of just how non-genuine it is feeling.
Read more about the patch here.

Microsoft Help: How to Install, Reinstall, Upgrade or Uninstall Windows

Install, reinstall, upgrade or uninstall Windows – a new Microsoft Windows webpage providing information for when you need to Install, Reinstall, Upgrade, or Uninstall Microsoft’s Windows. (Thanks Chris)

INSTALL WINDOWS:  If you’re installing Windows for the first time on a new computer and you don’t have any existing version of Windows to remove, upgrade, or replace.  To install Windows and keep an earlier version of Windows on your computer, click on: Install Multi-boot

Install Windows XP or Install Multi-boot
Install Windows Vista or Install Multi-boot
Install Windows 7 or Install Multi-boot (More Info)


Talking about Hidden Windows 7 Media Center Options

Hidden Windows 7 Media Center Options

/nostartupanimation – disables the startup animation
/noshutdownui – removes the shutdown item from Tasks
/mediamode – start in “media only mode” with no minimize/close buttons
/widescreen – force widescreen mode
/nochrome – launch windowed mode without the containing window
/playallmusic – Play all music at startup
/playfavmusic – Play favorite music at startup
/playfavslideshow – Play favorite slideshow at startup
/playfavslideshowwithmusic – Same as above with music
/playslideshow – Play all slideshows
/playslideshowwithmusic – Same as above with music
/screensaver – Start media center in screensaver mode
/configuress – Start media center at configuring screen saver menu

To enable these switches, right click the Media Center shortcut you’d like to modify and enter the switches you’d like to enable in the target input box.

Multiple switches can be enabled by entering multiple switches separated with a space in the target input. Now launching your Windows 7 Media Center through this particular shortcut will open the program just the way you like.

Movie Maker: YouTube publishing issue now resolved

It came to our attention late last week that a change was made on resulting in a failure to publish movies directly from Windows Live Movie Maker.  The change was minor and behind-the-scenes, but unfortunately it did affect Movie Maker and the way it authenticates with the YouTube service for a set of our users.  This change wasn’t specific to Movie Maker – some other applications and websites that connect to YouTube were also affected.

Once users let us know, we alerted the YouTube team who promptly rolled out an update to the service, restoring the ability to publish from Movie Maker.  At this time, Movie Maker users shouldn’t have difficulty publishing directly to YouTube.  Thanks to the YouTube team for being great partners and turning this around so quickly!

Those of you on the Windows Live Answers site were also very helpful in raising this problem to our attention.  This is exactly what we had hoped people would use the new forums for – so thanks to everyone who helped raise this issue!

– The Windows Live Movie Maker team

New 10 Windows7 Themes

In Windows 7, Microsoft has included a new desktop customization feature called Aero Themes which enables users to customize the desktop wallpaper with a matching glass color, screensaver, icons and sound scheme of their choice.

Here is a collection of different Windows 7 themes including the ones from the final RTM Build of Windows 7.

Installation Instructions: Double click the downloaded .themepack file to install it. These themes will only work on Windows 7.



Protecting your PC using Windows built-in Features and Software

Often we find our computers to be infected with viruses and malware. We believe we need to buy and install expensive antivirus and Internet security software programs. Yes, I do agree it’s a good way too. But it’s not feasible for every one of us to buy and use these programs. We have some built-in software programs within our Windows operating system which would help us not to get infected in most cases when we use the Internet. This article will discuss them in detail. If you have not enabled these built-in programs, do it, so that you can be safe (how much is safe is always an argument).

I have heard people say to me the following statements when I tell them “My computer is infected often from the internet”.

  1. Use Linux, don’t use Windows
  2. Use other Internet browsers like Firefox or Safari and not Internet Explorer
  3. Download free antivirus software
  4. Download free anti-malware programs
  5. Install this little program as a plug-in
  6. Use Internet PC scanning software once in a while; if a virus is found, delete that file

Not everyone can use Linux; it’s not for desktops, well, as it is today! (Maybe in the future.) Most of the programs that we install and use are developed for Windows and not for Linux. 80% of Internet users use Internet Explorer, meaning 80% of the web is best programmed to view and use in Internet Explorer. Free this and free that, well, let’s not talk about it a lot. So we have Windows on our PC and our browser is Internet Explorer.

Now the fact is the above-mentioned options are not bad. Practically, not every one of them is possible. Even though it’s advisable to buy a security program for your computer, Windows, being an operating system, has some software that will try to protect itself in its own self-defense (as we will do something to protect ourselves even though we are not karate black belts). If we could just enable/turn on/use these, we have some basic protection from spyware, viruses, identity theft and spam. Also we have to acknowledge the fact that the Windows operating system is developed by Microsoft; they do know what “the system is” (they might not be black belts in karate but they have passed the first 5 levels).

Therefore the basic security features built by them will work.

So let’s do something about it.

1. Always keep your firewall turned on.

A firewall works like the security guard in your office: it’s not easy to get past him without a proper identity card. Windows has one of the good firewall software programs available. If you have not turned it on, this is how to do it. Here is something more to it. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

To turn on Internet Connection Firewall:

  1. Point to Control Panel, double-click Network and Internet Connections, and then click Set up or change your home or small office network.
  2. Follow the steps in the Network Setup Wizard to turn on the Internet Connection Firewall.

2. Keep your operating system up-to-date with updates from Microsoft.

Microsoft constantly finds bugs/hacks/security issues and gives out patches, which are available over the Internet for download. If we are up-to-date then we are as safe as any Microsoft computer used in Microsoft itself. These are critical updates that we would have to have on our PC. There is no point having a virus removed after the PC is infected; why don’t we just stop it? If you are using Windows Vista, here is the way to receive automatic updates. If you are using Windows XP, here is the way to receive automatic updates.

Now that we have done some basic part of securing our computer, let’s do some other things that are available with Microsoft Windows.

  1. Download Windows Defender: This is free antispyware software for Windows XP SP2 and it’s an integrated part of Windows Vista. Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Visit here for more information about installing and using it.
  2. Download Malicious Software Removal Tool: This tool works with Windows and searches for infections by specific, prevalent malicious software. Microsoft releases an updated version of this tool on the second Tuesday of each month. Get more information and download it from here.
  3. Download Windows SteadyState: This is a free tool that can be downloaded. Our personal computers are not just used by us. They are used by our family and friends. For some reason other users may change some settings, download and use certain programs, or use the Control Panel and change vital settings. To stop all this and make sure your computer works with the best settings and no change is made, we can give users specific rights to access programs, so that not everyone has access to everything. For more info, visit here.
  4. Download Microsoft Phishing Filter: Phishing is a way by which fake web sites ask users to give personal information like name, address, credit card number, bank account number. There is a big list of websites of this kind. We will not know all the sites; the good news is that IE7 has this feature built in. So we just have to download and install Internet Explorer 7. Follow these steps to enable anti-phishing. One important point is that we always have to install the new version of the browser, because it will help us safeguard against such things. Old browsers will have many faults; all those will be corrected and enhanced in their new versions. If you are ready to try out Internet Explorer 8, which is not officially released, try it, but it’s not a complete software.

Microsoft has understood that antivirus is something very essential as a part of an operating system. They would be giving out a free antivirus program for all to install. But that’s coming only by late 2009.

Do safeguard your computer by using these options. Help our operating system to perform better and safeguard yourself.

Windows 7 : Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows® 7 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7. It includes support for remote management of computers that are running either the Server Core or full installation options of Windows Server 2008 R2, and for some roles and features, Windows Server 2008. Some roles and features on Windows Server 2003 can be managed remotely by using Remote Server Administration Tools for Windows 7, although the Server Core installation option is not available with the Windows Server 2003 operating system.

Download : Remote Server Administration Tools for Windows 7