NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SmartDefense or not

  • To: [email protected]
  • Subject: Re: [FW-1] SmartDefense or not
  • From: Frank Darden <[email protected]>
  • Date: Tue, 22 Oct 2002 08:55:23 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJ5wB4w+mgLLdWEROGuh1jJ+PN1vwACOYWg
  • Thread-topic: [FW-1] SmartDefense or not
In order to use SmartDefense you must upgrade to NG. Sorry!  The base Smartdefense package is free, for 1000.00 per enforcement point you can get an update subscription. On 4.1, you can cover some of this ground by enabling CPMAD (Malicious Activity Detection) which does work under 4.1. Sorry I couldn't find any public info on how to do this. If you look in your conf directory, there will be a file called cpmad.conf This file holds the settings for CPMAD. I believe that if you check the release notes from previous 4.1 service packs, you can get specific information on how to set CPMAD up.


Frank


-----Original Message-----
From: Jan Egeriis [mailto:[email protected]]
Sent: Tuesday, October 22, 2002 7:33 AM
To: [email protected]
Subject: [FW-1] SmartDefense or not

I have been reading a little on the CheckPoint SmartDefense datasheet. Basically it look very nice, but....

I am currently running FW-1 4.1 SP3 on Solaris 7, and I don't want to upgrade either of them.
Will SmartDefense run on this platform?

http://www.checkpoint.com/products/protect/smartdefense_attack_defeated.html says:
Denial of Service DoS Attacks
- SYN Flood
- LANd
IP Attacks
- IPSpoofing
- IPFragmentation
- Illegal and Malformed Packets
Web and Application Vulnerabilities
- DNS Attacks
- Protocol Non-compliance
- Application-specific Vulnerabilities
- Trojan Horses
- Back Door and Remote Administration
- Mobile Code (Java, JavaScript, Active-X)
- Hidden File Extensions
Network Probing
- Port Scanning
- Service Scanning

I need to have the original source ip adresses in my webserver log files, so I cannot use the HTTP Security Servers because of the proxy functionality.
If I do not use the SmartDefense HTTP Security Servers, I guess I will loose all the "Web and Application Vulnerabilities" ?!?

Then all this is left:
- SYN Flood
- LANd
- IPSpoofing
- IPFragmentation
- Illegal and Malformed Packets
- Port Scanning
- Service Scanning

There is already some IPSpoofing and SYN Flood defense in the basic FW-1, so what I will pay for is:
- LANd
- IPFragmentation
- Illegal and Malformed Packets
- Port Scanning
- Service Scanning

Correct ???
Will it be totally overkill to buy SmartDefense ???
Is there another product I should look at?

best regards
Jan

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.