|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Gauntlet 5.0 BSDI warning
Keith Young (kyoung
V-ONE.COM)
Mon, 18 Oct 1999 17:42:33 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: .rain.forest.puppy.: "Re: Update to ODBC/RDS vulnerabilities (fwd)"
- Previous message: David Schwartz: "Re: Microsoft Security Bulletin (MS99-043)"
- In reply to: Aleph One: "Microsoft Security Bulletin (MS99-043)"
First, an update. NAI has already released a fix regarding my original
e-mail. You can download it from:
http://www.tis.com/support/patch50.html
Thanks to NAI support for getting a fix out so quickly.
Strange wrote:
>
> According to the folks we asked at NAI in June about the Gauntlet install
> procedure (on all supported OSes), the install order to be used is:
>
> Install OS
> Install OS patches
> Install Gauntlet
> Install Gauntlet patches
> never install any OS patches again
True, but many people install the firewall then the OS vendor releases a
patch.
> Because of that last nasty gotcha, we use a firewall builder box when we
> want to "patch" the firewalls. We then pull the newly-built drives, and
> swap them into the extant firewall box. Lather, rinse, repeat.
You are a stronger person than I... I wouldn't want to have to keep
securing the OS on a box and "reinstalling" the firewall everytime the
OS/firewall vendor releases an important patch... :-)
> Interestingly, this is what the vendor told us to *always* do, under *all*
> circumstances. I'd say that if you're going to apply vendor patches, you
> should assume you have to do a full Gauntlet reinstall because Gauntlet
> 5.0 replaces some key kernel items.
See above....
> I.e., a vendor patch replaced code that the gauntlet had already replaced.
Exactly.
> I am wondering if this is *really* a Gauntlet bug or a Gauntlet vendor
> documentation bug.
Which is why the word "bug" never appeared in the original alert. Had
the M310-049 patch not been required for the kernel patch install, very
few of us would have run into the problem.
> (they do not, as far as we could tell, make it plain that you
> should not apply vendor patches after installing the firewall)
Not exactly true. Look here:
http://www.tis.com/support/bsd31.html
--Keith
-kyoungv-one.com
- Next message: .rain.forest.puppy.: "Re: Update to ODBC/RDS vulnerabilities (fwd)"
- Previous message: David Schwartz: "Re: Microsoft Security Bulletin (MS99-043)"
- In reply to: Aleph One: "Microsoft Security Bulletin (MS99-043)"
This archive was generated by hypermail 2.0b3 on Tue Oct 19 1999 - 13:55:32 CDT