Sorry I may know a lot of the basics but that doesnt mean I know anything at all in this industry (its not real/practical knowledge).
I'm still wanting to learn more about security appliances so that I can feel confident about the security of my equipment.
I heard a long time ago that Cisco released signatures for their layer 7 CBAC firewall to detect unwanted signatures in packets.
On my TIK, I see that Under IP > Firewall it has a place for Layer 7 signatures. Where can i get these sigs so that I can apply them?
P.S.
I just now noticed I had IPv6 enabled, but had no IPv6 firewall configured... that couldve been bad!?
My WAN router(my DSL modem) is always detecting what looks like Legitimate attacks but I dont know how to detect that with my internal MikroTik router? Thanks
Re: L7 signatures?
Here is some information and some layer7 signatures that you can use.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7
http://l7-filter.sourceforge.net/protocols
Keep in mind that the Mikrotik is not designed to do sniffing at layer7, to do so is very costly CPU wise, and so if you want to do any of it, you need to be very selective as to what you would like. It's not a UTM device, so don't expect virus detection.
As for IPv6, it depends on if you are getting IPv6 from your ISP or not. If not, then it's probably not an issue. You can always disable IPv6 on the router if desired.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7
http://l7-filter.sourceforge.net/protocols
Keep in mind that the Mikrotik is not designed to do sniffing at layer7, to do so is very costly CPU wise, and so if you want to do any of it, you need to be very selective as to what you would like. It's not a UTM device, so don't expect virus detection.
As for IPv6, it depends on if you are getting IPv6 from your ISP or not. If not, then it's probably not an issue. You can always disable IPv6 on the router if desired.