
RE: [FW1] CERT Advisory and SecuRemote



Plus, as I've always noted, you need to use a packet filter in
front of and behind your firewall as a safeguard.  You can use
your routers as packet filters, if you're wary of new hardware.
The one behind your firewall should be a mean, stupid piece of
hardware that only allows certain inbound packets.  RDP problem?
No problem.  Any any [service] allow problem?  No problem.

Sort of like a "firewall sandwich with packet filter bread and
fast ethernet mustard".  No pickles, please.

--Regis

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> Patrick Lotti
> Sent: Wednesday, July 11, 2001 11:43 PM
> To: '[email protected]'
> Subject: Re: [FW1] CERT Advisory and SecuRemote
>
>
>
> No, there's no problem with "any firewall [service] allow" rules.
> (Ok, it's possible to attack your firewall with many IKE requests,
> and RDP packets. But there's no way to send data through the firewall,
> from any source to any destination.)
>
> I just wondered why there was an "any any rdp allow" rule in the
> implied rules, as everybody knows that "any any [service] allow"
> is a bad idea and can always be avoided. So I just disabled the
> implied rules, not thinking to open up a case...
>
> With or without patch, stupid guys (in this case the developers)
> can always add "any any [service] allow" rules to the rulebase,
> and fw-1 won't even complain about such rules. I think the next
> patch should completely reject such rules.
>
> Patrick
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
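The "firewall sandwich" Regis describes and the "any any [service] allow" rules Patrick objects to, as an added Python model (not code from this thread or from Check Point): three rulebases evaluated in series with a default-deny inner filter, plus a lint that flags any/any accept rules. The Rule fields, the "internal-host" label and all three rulebases are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str      # "any" or a host/network label
    dst: str      # "any" or a host/network label
    service: str  # "any" or a service name
    action: str   # "accept" or "drop"

def matches(rule, src, dst, service):
    """A rule matches when each field is 'any' or equals the packet's value."""
    return all(want in (ANY, got) for want, got in
               ((rule.src, src), (rule.dst, dst), (rule.service, service)))

def decide(rules, src, dst, service, default="drop"):
    """First-match evaluation; traffic that matches no rule gets the default."""
    for rule in rules:
        if matches(rule, src, dst, service):
            return rule.action
    return default

def overly_permissive(rules):
    """Lint: rules that accept a service from any source to any destination."""
    return [r for r in rules if r.src == ANY and r.dst == ANY and r.action == "accept"]

def sandwich(hops, src, dst, service):
    """Evaluate the packet through each (name, rules) hop in order; report the first refusal."""
    for name, rules in hops:
        if decide(rules, src, dst, service) != "accept":
            return f"drop@{name}"
    return "accept"

# Constructed rulebases. The firewall carries an implied "any any rdp accept" rule;
# the outer filter is deliberately just as loose so the inner one is what catches it.
OUTER = [Rule(ANY, ANY, "rdp", "accept"), Rule(ANY, "internal-host", "http", "accept")]
FIREWALL = [Rule(ANY, ANY, "rdp", "accept"), Rule(ANY, "internal-host", "http", "accept")]
INNER = [Rule(ANY, "internal-host", "http", "accept")]  # "mean, stupid": default-deny
HOPS = [("outer", OUTER), ("firewall", FIREWALL), ("inner", INNER)]

if __name__ == "__main__":
    for name, rules in HOPS:
        for r in overly_permissive(rules):
            print(f"{name}: overly permissive rule {r}")
    print(sandwich(HOPS, "internet", "internal-host", "rdp"))   # drop@inner
    print(sandwich(HOPS, "internet", "internal-host", "http"))  # accept
```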