Bugtraq mailing list archives

Response: Stateful Inspection of FireWall-1


From: Scott Walker Register <scott.register () US CHECKPOINT COM>
Date: Thu, 17 Aug 2000 10:22:55 -0800

Below are some additional pieces of information relevant to the original
"Stateful Inspection of FireWall-1" posting.

1. Additional information about these issues may be found at
   http://www.checkpoint.com/techsupport/alerts
2. Service packs which address all of these issues may be downloaded
   at www.checkpoint.com/techsupport.  Please read the relevant release
   notes.
3. Several of the referenced vulnerabilities rely on manually editing
   the control.map file to weaken authentication.  This kind of reconfiguration
   is not and has never been recommended by Check Point.   Specifically,
   Check Point does not recommend using "127.0.0.1: */none" in control.map;
   and FWN1 is not supported, documented, or recommended as an alternative
   to the standard FW-1 inter-module authentication and encryption mechanisms
   (S/Key and FWA1 are supported, and FWA1 is strongly recommended).


----------------------------------------------------------------
Scott.Register () us CheckPoint com  ||  FireWall-1 Product Manager
               Check Point Software Technologies, Inc.
2255 Glades Road    /    Suite 324A     \  Boca Raton, FL  33431
Voice: 561.989.5418 | Fax: 561.997.5421  |   08/17/00   10:22:55
----------------------------------------------------------------
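
An added example, not part of the original post and not Check Point tooling: a small audit that flags control.map entries using the methods item 3 warns against ("none" and FWN1). The "host: operations/method" line syntax is an assumption modelled on the single entry quoted in the post, and the sample file is constructed.

```python
import re

# Methods named in the post: supported vs. warned against.
SUPPORTED = {"skey", "fwa1"}
WEAK = {"none": "no authentication", "fwn1": "unsupported, undocumented method"}

# Constructed sample. The line syntax is an assumption modelled on the
# "127.0.0.1: */none" entry quoted in the post, not on product documentation.
SAMPLE = """\
# constructed control.map sample
127.0.0.1: */none
192.0.2.10: */fwn1
192.0.2.20: */fwa1
192.0.2.30: load,fetch/skey */FWA1
"""

ENTRY = re.compile(r"^(?P<hosts>[^:#]+):\s*(?P<rules>.+)$")

def audit_control_map(text):
    """Return (line_no, hosts, operations, method, reason) for each weak rule."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append((line_no, line, "", "", "unparsed line, review by hand"))
            continue
        hosts = m.group("hosts").strip()
        for rule in m.group("rules").split():
            ops, sep, method = rule.rpartition("/")
            key = method.lower()
            if not sep:
                reason = "rule has no /method part, review by hand"
            elif key in WEAK:
                reason = WEAK[key]
            elif key not in SUPPORTED:
                reason = "method not named as supported in the post"
            else:
                continue  # S/Key or FWA1: nothing to report
            findings.append((line_no, hosts, ops, key, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_control_map(SAMPLE):
        print("line %d: %s ops=%s method=%s -> %s" % finding)
```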

