|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FW-1 technical strength
cbrenton (cbrenton
sover.net)
Mon, 28 Dec 1998 11:45:22 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Matthew D. White: "PIX Firewall - Static NAT Entries"
- Previous message: Neil Buckley: "Re: Ports 256,257,258 open on FW-1"
- In reply to: jgalvincs.loyola.edu: "RE: Ports 256,257,258 open on FW-1"
- Next in thread: Kevin Steves: "Re: FW-1 technical strength"
On Sat, 26 Dec 1998 jgalvincs.loyola.edu wrote:
> I agree that these settings should be known by knowledgeable
> administrators, but to issue a security advisory against them is too
> strong;
I have to disagree. A default firewall config that will pass inbound
traffic *and* do so without logging deserves the high public attention
that is only provided by an advisory. Its not like CP has taken action to
resolve the issue.
> these settings are useful in some environments.
Again, I have to disagree. I can not think of too many situations which it
is appropriate to allow inbound traffic without a log entry.
> They are also
> documented as capabilities of the machine, not as bugs.
I don't even want to go there... ;)
Cheers,
Chris
-- ************************************** cbrenton* Multiprotocol Network Design & Troubleshooting http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet * Mastering Network Security http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
- Next message: Matthew D. White: "PIX Firewall - Static NAT Entries"
- Previous message: Neil Buckley: "Re: Ports 256,257,258 open on FW-1"
- In reply to: jgalvincs.loyola.edu: "RE: Ports 256,257,258 open on FW-1"
- Next in thread: Kevin Steves: "Re: FW-1 technical strength"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:12:11 CDT