RE: Checkpoint's Firewall-1 (v2.0)

Vos, Arjan (Vos.Arjan@kpmg.nl)
Thu, 9 Jan 1997 09:18:49 +0100

Check out the firewalls mailing list archives. Last year (somewhere in
November) I was doing a penetration test and audit on FW-1 and could
break the FW. Though it was not a bug in FW-1, it had something to do
with its complex configuration in that specific case. But the thread
contains interesting discussions anyhow.

[ IDS Moderator: The article was posted on Friday 8th Nov. ]

In general I find the rule base of FW-1 somewhat confusing. Any time you
change a rule you have to regenerate the base. When you forget that, the
rule won't work. This can be awesome when during some strange events or
attack you want to change some rules on the fly. What I would recommend
is to explicitly define filters and not use the rule base (BTW, the
rule base contains some config options for default services such as
ICMP, DNS, finger, etc.)

If you need any help, do not hesitate to contact me,

Arjan Vos
KPMG EDP Auditors
>----------
>From:  Liew[SMTP:p-lliew@acslink.aone.net.au]
>Sent:  Tuesday, 7 January 1997 13:35
>To:    ids@uow.edu.au
>Subject:       Checkpoint's Firewall-1 (v2.0)
>
>I'm doing an audit on the security adequacy of our corporation's firewall
>and proxy servers.  Does anyone know much about Checkpoint's Firewall
>product?  Has it got any known shortcomings? I'll be grateful if someone
>could send me some details?
>
>[ Moderator Note: You might also like to try the firewalls mailing list 
>firewalls@GreatCircle.com ]
>
>Thanks.
>