OSEC

 
From: Brooks, Darrell W. (DBrooks_at_jenkens.com)
Date: Sat Oct 05 2002 - 11:58:34 CDT


    Is there a specific number of users you are looking for, asking for this
    information?

    If so add one to the list...

    Thanks,
     
     
    Darrell
     

    -----Original Message-----
    From: Birol Ertekin [mailto:biroletcnetworks.com]
    Sent: Saturday, October 05, 2002 10:20 AM
    To: Slighter, Tim; Falck, Axel (ISS Paris); Brooks, Darrell W.; Nelson
    Fernando Aranzazu; issforumiss.net
    Subject: RE: [ISSForum] RE: Configuring RealSecure to use OPSEC with
    FireWall-1

    Hi,
    I have been using RealSecure integrated with Check Point NG FP2 for months
    now. I also integrated it with our Big Brother monitoring system so that I
    can see at any time how many IP addresses are blocked and what those IP
    addresses are.

    I'll try to send more details to the forum about this when I have time,
    as more users are asking for it.

    Birol Ertekin
    Network Engineer,
    /etc/networks inc.

    -----Original Message-----
    From: Slighter, Tim [mailto:tslighteritc.nrcs.usda.gov]
    Sent: Friday, October 04, 2002 9:02 AM
    To: 'Falck, Axel (ISS Paris)'; Brooks, Darrell W.; Nelson Fernando
    Aranzazu; issforumiss.net
    Subject: RE: [ISSForum] RE: Configuring RealSecure to use OPSEC with
    FireWall-1

    Aside from your recommendations, did you meet with any success getting the
    network sensor to successfully generate an OPSEC command to the NG
    firewall?

    We set up the entire design using the -ssl to ensure the OPSEC channel was
    being used as "Authenticated" and NOT "Authenticated with encryption".
    Actually, we tried it every possible way, following word for word every step
    and instruction from all documents from Checkpoint and ISS and Phoneboy, and
    the OPSEC still does NOT work. If you have been able to get this to work
    successfully and are witnessing actual OPSEC events in the logs as well as
    actual OPSEC changes to the rules in the firewall, please share this
    information with the mailing list. Thank you.

    -----Original Message-----
    From: Falck, Axel (ISS Paris) [mailto:AFalckiss.net]
    Sent: Friday, October 04, 2002 1:02 AM
    To: Brooks, Darrell W.; Nelson Fernando Aranzazu; issforumiss.net
    Subject: [ISSForum] RE: Configuring RealSecure to use OPSEC with
    FireWall-1

    Did you try http://www.phoneboy.com?

    And so, use the -ssl option in your fwopsec putkey command on NG. Be aware
    that in any case the fwopsec putkey command MUST be done FIRST on Check
    Point, and afterwards on RealSecure.

    Hope this helps

    Axel FALCK

    -----Original Message-----
    From: Brooks, Darrell W. [mailto:DBrooksjenkens.com]
    Sent: Thursday, October 3, 2002 23:42
    To: Falck, Axel (ISS Paris); 'Nelson Fernando Aranzazu';
    'issforumiss.net'
    Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1

    I have had the same issue, and Checkpoint is no help. The doc for this from
    the ISS page has not been very helpful either. I have had to issue the
    command from my management server to the gateway in this order:

    fw sam -v -I src <IP Address>

    Modifying the fwopsec.conf file worked well on 4.1 but not on NG.

    Two calls to ISS support yielded little help. I hope someone has a real fix
    for this...it's a feature I really miss now that we have upgraded to NG.

    Thanks,
     
     
    Darrell
     

    -----Original Message-----
    From: Falck, Axel (ISS Paris) [mailto:AFalckiss.net]
    Sent: Wednesday, October 02, 2002 12:19 PM
    To: Nelson Fernando Aranzazu; issforumiss.net
    Subject: RE: Configuring RealSecure to use OPSEC with FireWall-1

    Hello,

    If the command fw sam -i src "any_ip_address" -t60 doesn't work, the issue
    is from CheckPoint software. This command is very useful to check the
    OPSEC implementation on FW.

    It does work even with no RealSecure installed.

    Hope this helps

    Axel FALCK

    -----Original Message-----
    From: Nelson Fernando Aranzazu [mailto:fernando.aranzazueqnt.com]
    Sent: Tuesday, October 1, 2002 16:10
    To: issforumiss.net
    Subject: Configuring RealSecure to use OPSEC with FireWall-1

    Hello,

     

    I'm trying to implement OPSEC between Network Sensor 6.5 and CheckPoint
    Firewall-1 NG FP2 (installed with backward compatibility) but it doesn't
    work.

     

    I have already configured the "fwopsec.conf" file in the firewall, applied
    the keys and configured the network sensor to use OPSEC. But when I try
    to test the SAM response by executing "fw sam -t 60 -i any_ip_address", the
    firewall shows the following message: "sam: Unexpected end of session. It is
    possible that the SAM request for 'Inhibit src ip any_ip_address on All' was
    not enforced."

     

    Has anybody had this kind of situation?

     

    Thanks.

    ________________________
    Nelson Fernando Aranzazu
    Administrador LAN-WAN
    Equant - Data Center
    Bogotá, Colombia.

    - JENKENS & GILCHRIST E-MAIL NOTICE - This transmission may be: (1) subject
    to the Attorney-Client Privilege, (2) an attorney work product, or (3)
    strictly confidential. If you are not the intended recipient of this
    message, you may not disclose, print, copy or disseminate this information.
    If you have received this in error, please reply and notify the sender
    (only) and delete the message. Unauthorized interception of this e-mail is a
    violation of federal criminal law.

      This communication does not reflect an intention by the sender or the
    sender's client or principal to conduct a transaction or make any agreement
    by electronic means. Nothing contained in this message or in any attachment
    shall satisfy the requirements for a writing, and nothing contained herein
    shall constitute a contract or electronic signature under the Electronic
    Signatures in Global and National Commerce Act, any version of the Uniform
    Electronic Transactions Act or any other statute governing electronic
    transactions.

    _______________________________________________
    ISSforum mailing list
    ISSforumiss.net