
Re: [FW1] Hardening of OS



His comments about the interaction are true. I guess he assumes that you are
doing inbound or eitherbound inspection :)

So what happens when the ruleset is not perfect? What about during the boot
process? What about if FW1 crashes? What if somebody leaves a terminal
logged in? What about during the install process? What if somebody manages
to figure out a management ip/range? What happens if your workstation gets
compromised?

Even if you assume that FW1 will protect it fully, then what happens during
the boot? If you have remote firewalls and you set them to not forward
packets during boot, then you better be able to get someone on the console
if the policy d/l or boot process fails.

I'd go as far as only allowing console access if possible. SSH2 and not
telnet should be a no brainer, VPN or not.

I'd take the time if I were you. But then, I'm worried about Van Eck
phreaking, so that gives you some context.

Cheers,
Craig

----- Original Message -----
From: "Brian Tan Wee Beng" <[email protected]>
To: <[email protected]>
Sent: Sunday, March 18, 2001 4:40 AM
Subject: [FW1] Hardening of OS


>
> hi...
>    I was having a discussion with an engineer on hardening the OS and he says
> that actually there's not a need to harden it since the inspection module is
> sitting on the kernel level. This means that all packets will be processed by
> the module before they reach the OS. If the packets do not pass inspection,
> they are either dropped or rejected according to the rule base. So is it
> true???
>
> Cheers
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>


