Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SmartDefense or not

To: [email protected]
Subject: Re: [FW-1] SmartDefense or not
From: Samuel Wuethrich <[email protected]>
Date: Tue, 22 Oct 2002 14:44:00 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

))> I have been reading a little on the CheckPoint SmartDefense
))datasheet.
))> Basically it look very nice, but....
))>
))> I am currently running FW-1 4.1 SP3 on Solaris 7, and I
))don't want to
))> upgrade either of them. Will SmartDefense run on this platform?
))>
))[...]
))
))>
))> There is already some IPSpoofing and SYN Flood defense in the basic
))> FW-1, so what I will pay for is:
))> - LANd
))> - IPFragmentation
))> - Illegal and Malformed Packets
))> - Port Scanning
))> - Service Scanning
))
))
))You forgot to subtract the MAD (malicious activity detection)
))that's built into CKP-FW1 (but not accessible from GUI). MAD
))detects/defends:
))        - Syn-Attacks
))        - Spoofing attempts (for local interfaces, too)
))        - portscan detection
))        - blocked ports scan detection
))        - login failures
))        - fast repeated connects
))        - land attacks
))
))So you're only left with
))        - IPFragmentation
))        - Illegal and Malformed Packets
))
Plus Security Server issues like how long a valid URL can be, if only ASCII
code is allowed, how many mx lookups the firewall catch, if the recipient
should have a valid domain and more, also related to other services. I'm not
sure, but a lot of these settings are already known and available through
dbedit  or GUI-dbedit in the firewall database. A part of Smartdefense
includes MAD (section called successive Events. The service works only under
NG and is free. You'll pay only the subscription for future exploits which
should the firewall detect.

SAM

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Lost all the content of the GUI manager!
Next by Date: [FW-1] Blackice vs SmartDefense
Previous by thread: Re: [FW-1] SmartDefense or not
Next by thread: Re: [FW-1] SmartDefense or not
Index(es):
- Date
- Thread