Re: Firewall-1 Security Advisory

[mnemonix () GLOBALNET CO UK (Mnemonix)]

----------
> From: Paul Sears <Paul_Sears () NACM COM>
> To: BUGTRAQ () NETSPACE ORG
> Subject: Re: Firewall-1 Security Advisory
> Date: Monday, October 26, 1998 8:58 PM
>
> Diligence Risks wrote:
>
> > Diligence Security Advisory
> >
> > Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
external
> > intruder to pass through the firewall and attack machines, unihibited,
on
> > the protected side.

-SNIP-


> This is documented in the administration guide and CCSE training
> classes also cover these.

According to Check Point sources this is undocumented. Having also read
through the CCSE manuals the only thing close to a caveat I can find is the
following
(CCSA manual- Page 5-49 - Configuring Control Properties)

Begin Quote

Currently, the most common errors during implementation of Firewall-1 are
made in the Control Properties. The reason for these errors are:

1) Misunderstanding the importance of direction when packets are inspected,
and
2) Misunderstanding of how the Control Properties and the Rule Base
Matching Order work together.

End Quote

So the closest thing to a warning, comes not in the manuals that come with
the software - but you have to pay to go on a course for this info. I may
be wrong about this - if you know of any other place where this is
documented please let me know.

Cheers,
David Litchfield
MCP+Internet
Information Security Specialist