Firewall Wizards mailing list archives
RE: Ports 256,257,258 open on FW-1
From: "Scot Anderson" <scot () sectek com>
Date: Thu, 24 Dec 1998 18:05:47 -0500
It is interesting to observe the difference between organizations and how they approach this. I would suggest that a lack of due diligence on the OS installation/configuration, i.e. restricting services and resources, would be a good indication where *not* to shop for firewall support. But then, the Eagle Raptor folks make this part of their offering - including specialized software components dedicated to the monitoring of processes operating in the system. Not to forget other cool toys like tripwire and such. Scot Anderson IT Division, SecTek Inc. http://www.sectek.com|<mailto:scot () sectek com>
-----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of jgalvin () cs loyola edu Sent: Thursday, December 24, 1998 8:03 AM To: Wayne Miyamoto Cc: firewall-wizards () nfr net Subject: RE: Ports 256,257,258 open on FW-1Jenn: Very few FW vendors discuss much about how to harden the OS running the FW. The Checkpoint SysAdm course covers mostly how to manage FWs and policies, not much on OS configs. One of the best ways to verify your OS config and FW is to run a good scanner against it. I always run an "as designed" scan, then harden down the FW/OS in conjunction with the customer policy. It helps take guess work out and add consistency to the FW design.Issueing a security advisory on a default setting is not a discussion of security or OS hardening, it's a misrepresentation of widely known information. The reason OS configs and hardening is not covered in a Checkpoint training class is that Firewall-1 is a software package. Checkpoint does issue it as a firewall, true, but it is common knowledge that, unless you buy a dedicated hardware platform, like Nokia, most of the default settings on your workstation (which are also widely known information) will be a problem from a security standpoint. Should we next issue a security advisory for all the default settings on an out-of-box install for Solaris, like NT? How about default settings in general? A security advisory is meant for a loophole in a package that is supposed to NOT do what the advisory states. Checkpoint Firewall-1 has the capability to either reject or accept the types of connections specified in the Properties window, depending on the user preference. So the security advisory in question is only a misrepresentation of widely known information. Regards, Jenn
Current thread:
- Re: Ports 256,257,258 open on FW-1, (continued)
- Re: Ports 256,257,258 open on FW-1 Peter J. Cherny (Dec 15)
- Re: Ports 256,257,258 open on FW-1 Lart (Dec 15)
- RE: Ports 256,257,258 open on FW-1 Joe Ippolito (Dec 18)
- Re: Ports 256,257,258 open on FW-1 mark s. kassem (Dec 12)
- RE: Ports 256,257,258 open on FW-1 Houser David DW (Dec 14)
- Re: Ports 256,257,258 open on FW-1 Ryan Russell (Dec 14)
- Re: Ports 256,257,258 open on FW-1 Bruce B. Platt (Dec 18)
- Re: Ports 256,257,258 open on FW-1 jgalvin (Dec 22)
- RE: Ports 256,257,258 open on FW-1 Bruce B. Platt (Dec 24)
- Re: Ports 256,257,258 open on FW-1 jgalvin (Dec 22)
- RE: Ports 256,257,258 open on FW-1 jgalvin (Dec 24)
- RE: Ports 256,257,258 open on FW-1 Scot Anderson (Dec 26)
- Re: Ports 256,257,258 open on FW-1 Neil Buckley (Dec 28)
- RE: Ports 256,257,258 open on FW-1 Moser, Stefan (Dec 29)