Secure Your VMware Environment: Block SMB v1 with vDefend

A conversation about SMB protocol and how vDefend Firewall can help to Block legacy SMB protocols in a VCF or vSphere environment.

CuriousTechie: Hello IT Guy! I am trying to improve the security posture of my VMware SDDC Environment and block SMB version 1. Can I do it using vDefend firewall?

ITGuy: Absolutely! You can do it for the whole environment or very selectively for specific workloads. You can have the full flexibility and control over the traffic pattern using vDefend Firewall.

CuriousTechie: Alright, but I do have a challenge. I have a few legacy systems in the environment. They still use UDP port 137, 189, and TCP port 139 for NetBIOS services. Thus blocking these ports is not really an option for me.


The Role of vDefend NDR in Protecting VMware SDDC Environments

A conversation about understanding the use and importance of vDefend Network Detection and Response.

CuriousTechie: Hello IT Guy! In the previous discussion here we talked about SSP (Security Services Platform) and the features we can activate/run on SSP. Can you help me understand how the feature Network Detection & Response (NDR) actually detects and responds to threats?

ITGuy: That’s a very interesting feature!!!! When you activate NDR, it does NOT actually Detect and Respond to any threats!!!

CuriousTechie: What???? Really???? Then what does it do????


Understanding VMware’s Security Services Platform (SSP)

A brief discussion about understanding vDefend Security Services Platform

CuriousTechie: Hello IT Guy! I have been hearing about a new product in VMware’s portfolio called SSP – Security Services Platform. Can you help me understand what this product is?

ITGuy: Sure! Have you worked with NAPP (NSX Application Platform)? And how was your experience working with NAPP?

CuriousTechie: Yes! I have deployed and used NAPP after having a conversation with you here. To be honest, it was fun but a little tough to deploy. It required some Kubernetes knowledge and had a lot of dependencies. Also, an air-gapped deployment was very challenging.

ITGuy: SSP is the successor of NAPP, but it’s exponentially easier to deploy, without any major dependency. vDefend Security Services Platform represents a next-generation solution for visualizing and managing vDefend Security within VMware Cloud Foundation (VCF). It is designed to deliver a high-performance, scalable platform that efficiently operates various vDefend security services.


Understanding vDefend Firewall Directionality

A brief discussion about understanding directionality in vDefend Firewalls

CuriousTechie: Hello IT Guy! I have been playing around with different options for implementing vDefend Distributed Firewalls. I see an option for Direction in the firewall rules (In-Out). Can you help me understand how that works?

ITGuy: Sure! The direction in the rule is always in the context of the VM (workload).

Rule Direction = In = Traffic will be allowed/disallowed to enter the VM = Ingress to the VM

Rule Direction = Out = Traffic will be allowed/disallowed to exit the VM = Egress from the VM

CuriousTechie: Then why do we have the default as In-Out?


Understanding ALGs with vDefend Distributed Firewall

A brief discussion about Application Level Gateways and their use with vDefend Distributed Firewall

CuriousTechie: Hello IT Guy! I am implementing Distributed Firewall in my SDDC environment. I have created a DFW rule to allow FTP access on TCP port 21; users are able to log in to the FTP server but are not able to move files around. Can you help me troubleshoot this issue?

ITGuy: Sure! Can you show me the DFW rule you have created for the FTP access?

CuriousTechie: Here is the rule

ITGuy: The problem is evident! You are using a normal TCP port instead of an ALG.


Monitoring vDefend Distributed Firewall Operations

In this short conversation we will talk about monitoring the operations of a vDefend Distributed Firewall implementation.

CuriousTechie: Hello IT Guy! We had a conversation about implementing micro-segmentation here. I began implementing micro-segmentation in our VMware Software Defined Data Center (SDDC) environment using vDefend Distributed Firewall. Multiple engineers work simultaneously to implement the rules and secure their respective applications. I am looking for a way to audit these operations to detect any unintended rule creation, modification or deletion. Can you help me with some pointers to monitor these activities?

ITGuy: In my honest opinion, logs are your best friend when you want to monitor DFW operations. You can very well customize what you want to monitor and how. You can choose dashboards for certain activities and alerts for critical activities.

CuriousTechie: What tools will I need to build these dashboards and alerts?

ITGuy: Some very common ones are vRealize Log Insight, aka Aria Operations for Logs, here, Splunk here, etc. You can use any other log aggregator of your choice to do this.


Demystifying Security Terminologies: Zero Trust, Micro Segmentation, and vDefend

A candid conversation about security terminologies amid the buzz of the current security industry.

CuriousTechie: Hello IT Guy, I am just starting my journey in the IT security industry. I am confused about a few terminologies like Zero Trust, Micro Segmentation, vDefend, DFW, etc. Can you please help me to wrap my head around these to build a better understanding?

ITGuy: Sure, I can help you with that. Let’s follow a top-down approach to build the understanding.

CuriousTechie: Okay, what is actually the top layer of this security product?

ITGuy: All of these terms are NOT part of a single security product!!

Let’s start with Zero Trust. Zero Trust is NOT a security product! It is a concept with various definitions and it is subject to interpretation. Let’s talk about the definition below!

“Zero Trust is a security model that ensures data and resources are inaccessible by default. Users can only access them on a limited basis under the right circumstances, known as least-privilege access.”


Quick Steps: Viewing DFW Rule Creation/Modification Time – Browser API Calls

A short conversation on how to run API calls in the browser to check the creation or modification time of a DFW rule!

CuriousTechie: Hello IT Guy, I need to check the time of creation and modification of a Distributed Firewall rule. Is there a quick way to check these details in the browser itself?

ITGuy: Yes, it is doable, but it depends on the browser. What browser do you use?

CuriousTechie: Currently I am using Mozilla Firefox for this environment. Will it be possible to get this data out of the box without any extensions or plugins?

ITGuy: Yes, sure. Let’s log in to your NSX Manager UI and I will show you how to get this information.

CuriousTechie: Here is my NSX Manager Policy UI. I need to find the creation/modification time details of rule number 2024.


NSX Intelligence: Checking Applied Rules on a VM

A short conversation on how to check the applied Distributed Firewall Rules on a VM by using NSX Intelligence!!

CuriousTechie: Hello IT Guy, during our last conversation here we discussed three ways to check applied DFW rules, but you did mention there is another way to check the rules. Can we talk about that?

ITGuy: Sure! You can leverage Security Intelligence, aka NSX Intelligence, to validate the rules applied on a VM.

CuriousTechie: I have been using Security Intelligence to get flow information and recommendations but have never seen how to check applied rules using it. Can you show me?

ITGuy: Sure!

  1. Go to Plan & Troubleshoot
  2. Go to Discover & Take Action
  3. On the top bar, select Computer -> Search and select the VM whose applied rules you want to check.
  4. Right click the VM -> Go to Related Firewall Rules
  5. You will see all the rules applied on that particular VM

3 Ways to Verify Applied Distributed Firewall Rules on a VNIC

A short conversation on how to check the applied Distributed Firewall Rules on a vNIC!!

CuriousTechie: Hello IT Guy, I am working on a project to implement DFW rules in an environment and often need to check exactly what firewall rules are applied on a vNIC. Is there a way to do that?

ITGuy: Sure! We can talk about three different ways to do that, and we can talk about the pros and cons of each.

CuriousTechie: Okay cool!

ITGuy:

  • From NSX UI
  • From ESXi Host shell
  • From ARIA Operations for Networks aka vRNI