|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Ports 256,257,258 open on FW-1
Scot Anderson (scot
sectek.com)
Thu, 24 Dec 1998 18:05:47 -0500
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Darren Reed: "Re: FW-1 technical strength"
- Previous message: Joseph S D Yao: "Re: SecureID vendors?"
- In reply to: David Lang: "RE: SecureID vendors?"
- Next in thread: Neil Buckley: "Re: Ports 256,257,258 open on FW-1"
It is interesting to observe the difference between organizations and how
they approach this. I would suggest that a lack of due diligence on the OS
installation/configuration, i.e. restricting services and resources, would
be a good indication where *not* to shop for firewall support.
But then, the Eagle Raptor folks make this part of their offering -
including specialized software components dedicated to the monitoring of
processes operating in the system. Not to forget other cool toys like
tripwire and such.
Scot Anderson
IT Division, SecTek Inc.
http://www.sectek.com|<mailto:scotsectek.com>
> -----Original Message-----
> From: owner-firewall-wizardsnfr.net
> [mailto:owner-firewall-wizardsnfr.net]On Behalf Of
> jgalvincs.loyola.edu
> Sent: Thursday, December 24, 1998 8:03 AM
> To: Wayne Miyamoto
> Cc: firewall-wizardsnfr.net
> Subject: RE: Ports 256,257,258 open on FW-1
>
>
>
>
> > Jenn:
> >Very few FW vendors discuss much about how to harden the OS running the
> >FW. The Checkpoint SysAdm course covers mostly how to manage FWs and
> >policies, not
> >much on OS configs. One of the best ways to verify your OS config and FW
> >is to run
> >a good scanner against it. I always run an "as designed" scan, then
> >harden down the
> >FW/OS in conjunction with the customer policy. It helps take guess work
> >out and
> >add consistency to the FW design.
>
> Issueing
> a security advisory on a default setting is not a discussion of
> security or OS
> hardening, it's a misrepresentation of widely known information.
>
> The reason OS configs and hardening is not covered in a Checkpoint
> training class is that Firewall-1 is a software package.
> Checkpoint does
> issue it as a
> firewall, true, but it is common knowledge that, unless you buy a
> dedicated hardware platform, like Nokia, most of the default
> settings on
> your workstation (which are also widely known information) will
> be a problem from a security standpoint.
>
> Should we next issue a security advisory for all the default
> settings on an out-of-box install for Solaris, like NT? How about
> default settings in general?
>
> A security advisory is meant for a loophole in a package that is
> supposed to NOT do what the advisory states. Checkpoint
> Firewall-1 has the capability to either reject or accept the types
> of connections specified in the Properties window, depending on
> the user preference. So the security advisory in question is only
> a misrepresentation of widely known information.
>
> Regards,
> Jenn
>
>
>
>
>
>
>
>
>
- Next message: Darren Reed: "Re: FW-1 technical strength"
- Previous message: Joseph S D Yao: "Re: SecureID vendors?"
- In reply to: David Lang: "RE: SecureID vendors?"
- Next in thread: Neil Buckley: "Re: Ports 256,257,258 open on FW-1"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:12:11 CDT