[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall
Sorry their public documentation is pretty poor - at least what I found. They have a claim of dynamic packet filtering. It is not clear whether this product uses a shim driver that passes packet to a fw component for comparison against a filter list (i.e.,if it the fw died would that inherently stop the ability for the box to pass packets.) Also, if IPFORWARDING in the kernel is disabled as the default I would guess that all would be well with the exception that the box itself might not be shielded from attacks - that should be where the a low level shim would be reasonable. I still would say the devil may be in the details. Any idea why this box is not ICSA certified - after all it is MS and $$$ aren't exactly limited. At 12:25 PM 9/29/00 +0300, you wrote: > >MS Proxy fails closed. If correctly configured it never routes packets - IP >forwarding disabled on OS level. It's Proxy after all :-) >BTW I'm not starting religious wars about Proxy based vs. Packet filtering >Firewalls > >-----Original Message----- >From: Tony Miedaner [mailto:[email protected]] >Sent: Thursday, September 28, 2000 23:11 >To: Carl T >Cc: [email protected] >Subject: Re: [FW1] Firewall > > > >Somewhat off topic but.... > >IMHO, the devils in the details. Very basically, a well designed fw >product should fail closed (passes nothing). I would suspect that MS Proxy >would have the potential to fail open. Can anyone else comment on this? > >fw-1 at a minimum passes that test. > >At 12:39 PM 9/28/00 CDT, you wrote: >> >>Hello all, >> >>Excuse me if this not the right question to ask here. >>I am new to Firewall/Proxy software. >>My question is, can I use FW-1 with Ms Proxy 2.0? >>We are using Ms Proxy right now, do we need FW-1 for a tighter security? >>Or however it work? >> >>Can someone help? >> >>Thanks in advance >> >>Carl >>_________________________________________________________________________ >>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. >> >>Share information about yourself, create your own public profile at >>http://profiles.msn.com. >> >> >> >>=========================================================================== >===== >> To unsubscribe from this mailing list, please see the instructions at >> http://www.checkpoint.com/services/mailing.html >>=========================================================================== >===== >> >> >Tony Miedaner >Network Security Engineer >Network Engineering Unit >Appliedtheory Inc. >> > >============================================================================ >==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >============================================================================ >==== > > >=========================================================================== ===== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=========================================================================== ===== > > Tony Miedaner Network Security Engineer Network Engineering Unit Appliedtheory Inc.================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|