Firewall Wizards mailing list archives

RE: Ports 256,257,258 open on FW-1


From: "Scot Anderson" <scot () sectek com>
Date: Thu, 24 Dec 1998 18:05:47 -0500

 
It is interesting to observe the difference between organizations and how
they approach this.  I would suggest that a lack of due diligence on the OS
installation/configuration, i.e. restricting services and resources, would
be a good indication where *not* to shop for firewall support.

But then, the Eagle Raptor folks make this part of their offering -
including specialized software components dedicated to the monitoring of
processes operating in the system.  Not to forget other cool toys like
tripwire and such.

Scot Anderson
IT Division, SecTek Inc.
http://www.sectek.com|<mailto:scot () sectek com>

-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of
jgalvin () cs loyola edu
Sent: Thursday, December 24, 1998 8:03 AM
To: Wayne Miyamoto
Cc: firewall-wizards () nfr net
Subject: RE: Ports 256,257,258 open on FW-1




Jenn:
Very few FW vendors discuss much about how to harden the OS running the
FW. The Checkpoint SysAdm course covers mostly how to manage FWs and
policies, not much on OS configs. One of the best ways to verify your OS
config and FW is to run a good scanner against it.  I always run an "as
designed" scan, then harden down the FW/OS in conjunction with the customer
policy.  It helps take guesswork out and add consistency to the FW design.

      Issuing a security advisory on a default setting is not a discussion
      of security or OS hardening, it's a misrepresentation of widely known
      information.

      The reason OS configs and hardening are not covered in a Checkpoint
      training class is that Firewall-1 is a software package.  Checkpoint
      does issue it as a firewall, true, but it is common knowledge that,
      unless you buy a dedicated hardware platform, like Nokia, most of the
      default settings on your workstation (which are also widely known
      information) will be a problem from a security standpoint.

      Should we next issue a security advisory for all the default
      settings on an out-of-box install for Solaris, like NT?  How about
      default settings in general?

      A security advisory is meant for a loophole in a package that is
      supposed to NOT do what the advisory states.  Checkpoint
      Firewall-1 has the capability to either reject or accept the types
      of connections specified in the Properties window, depending on
      the user preference.  So the security advisory in question is only
      a misrepresentation of widely known information.

Regards,
Jenn