[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Re: Boson FW-1 Admnistrator Exam
> I have reviewed the Boson test and found that it was horrible. I wouldn't > use it to blow my nose on. I am writing an HTML test right now. It will be > done by the end of the week for CCSA and hopefully CCSE material. The > information for tests I am writing comes directly from Check Point's eval > Admin Guide and I cite pages as well as just answers. The test will not be > based off of Check Points tests, but it will cover all of Firewall-1. I > will ask specific people to review and add material as well. > > As a Check Point test review team member I cannot provide anything not > specifically documented as public knowledge as I know all of the actual test > questions. However, my work will be cited directly from their manuals and > not from my memory or from the actual tests. > > Stay tuned. > > ----- Original Message ----- > From: "Lance Spitzner" <[email protected]> > To: <[email protected]> > Sent: Wednesday, January 17, 2001 8:25 AM > Subject: [FW1] Boson FW-1 Admnistrator Exam > > > > > > Recently, I was asked a question about a "Boson" > > FW-1 Administrator exam. I have no idea what this > > exam is, nor who sponsors it. However, if the > > material quouted below is true, then this question > > greatly disturbs me. I wanted to know if anyone > > else has ran into this. > > > > --- snip snip --- > > > > I have always thought that it is necessary to harden the OS for the > > firewall > > server. However, I was doing the Boson Checkpoint FW-1 Administrator > > practice exams when I came across this question: > > > > Question: Why is it unnecessary for Firewall-1 to harden the OS? > > > > Answer: Firewalls that do not analyze the packet until it gets to the > > application layer need to protect themselves from the lower layer > > attacks. > > Firewall-1 protects itself by analyzing all the layers of the packet. > > Therefore it is unncessary for the administrator to harden the OS for > > Firewall-1 server. > > > > Is this true???? > > > > --- snip snip --- > > > > This is absolutely NOT true. If an exam is making these assumptions, > > then it shows that the author has a total lack of security knowledge. > > No firewall is impervious to vulnerabilities, Bugtraq demonstrates this > > again and again. Also, base OS armoring protects the firewall against > > rulebase or administrative misconfigurations. I highly recommend OS > > armoring for all firewalls, regardless of the vendor. Part of security > > is reducing risk at all levels. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|