Bugtraq mailing list archives
Response: Stateful Inspection of FireWall-1
From: Scott Walker Register <scott.register () US CHECKPOINT COM>
Date: Thu, 17 Aug 2000 10:22:55 -0800
Below are some additional pieces of information relevant to the original "Stateful Inspection of FireWall-1" posting. 1. Additional information about these issues may be found at http://www.checkpoint.com/techsupport/alerts 2. Service packs which address all of these issues may be downloaded at www.checkpoint.com/techsupport. Please read the relevant release notes. 3. Several of the referenced vulnerabilities rely on manually editing the control.map file to weaken authentication. This kind of reconfiguration is not and has never been recommended by Check Point. Specifically, Check Point does not recommend using "127.0.0.1: */none" in control.map; and FWN1 is not supported, documented, or recommended as an alternative to the standard FW-1 inter-module authentication and encryption mechanisms (S/Key and FWA1 are supported, and FWA1 is strongly recommended). ---------------------------------------------------------------- Scott.Register () us CheckPoint com || FireWall-1 Product Manager Check Point Software Technologies, Inc. 2255 Glades Road / Suite 324A \ Boca Raton, FL 33431 Voice: 561.989.5418 | Fax: 561.997.5421 | 08/17/00 10:22:55 ----------------------------------------------------------------
Current thread:
- Response: Stateful Inspection of FireWall-1 Scott Walker Register (Aug 18)