RE: SGS 5400 firewalls

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: Re: SGS 5400 firewalls

> Hi Paul,
>
> I am not so sure about that restriction on external access to port 2456. I
believe it comes > open to any of the interfaces (could be wrong on that).
;)

The setup wizard prevents this by default.  I can conceive of some instances
where this is done either accidentally or intentionally, but it's not the
default in either case.  And under no circumstances should SGMI be open to
the wide world.  If it is, that's a finding.


> Also, if the box is running SGS 3.0, SSH server used is the open standard
- you can connect 
> to it by using any SSH client. (comes disabled by default).

The 5400's shipped with v2.0.1.  They can be upgraded to 3.0, but as I
understand it only the 5600's and 1600's actually arrive with 3.0 already on
them.


PaulM



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------