[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SmartDefense or not
In order to use SmartDefense you must upgrade to NG. Sorry! The base Smartdefense package is free, for 1000.00 per enforcement point you can get an update subscription. On 4.1, you can cover some of this ground by enabling CPMAD (Malicious Activity Detection) which does work under 4.1. Sorry I couldn't find any public info on how to do this. If you look in your conf directory, there will be a file called cpmad.conf This file holds the settings for CPMAD. I believe that if you check the release notes from previous 4.1 service packs, you can get specific information on how to set CPMAD up. Frank -----Original Message----- From: Jan Egeriis [mailto:[email protected]] Sent: Tuesday, October 22, 2002 7:33 AM To: [email protected] Subject: [FW-1] SmartDefense or not I have been reading a little on the CheckPoint SmartDefense datasheet. Basically it look very nice, but.... I am currently running FW-1 4.1 SP3 on Solaris 7, and I don't want to upgrade either of them. Will SmartDefense run on this platform? http://www.checkpoint.com/products/protect/smartdefense_attack_defeated.html says: Denial of Service DoS Attacks - SYN Flood - LANd IP Attacks - IPSpoofing - IPFragmentation - Illegal and Malformed Packets Web and Application Vulnerabilities - DNS Attacks - Protocol Non-compliance - Application-specific Vulnerabilities - Trojan Horses - Back Door and Remote Administration - Mobile Code (Java, JavaScript, Active-X) - Hidden File Extensions Network Probing - Port Scanning - Service Scanning I need to have the original source ip adresses in my webserver log files, so I cannot use the HTTP Security Servers because of the proxy functionality. If I do not use the SmartDefense HTTP Security Servers, I guess I will loose all the "Web and Application Vulnerabilities" ?!? Then all this is left: - SYN Flood - LANd - IPSpoofing - IPFragmentation - Illegal and Malformed Packets - Port Scanning - Service Scanning There is already some IPSpoofing and SYN Flood defense in the basic FW-1, so what I will pay for is: - LANd - IPFragmentation - Illegal and Malformed Packets - Port Scanning - Service Scanning Correct ??? Will it be totally overkill to buy SmartDefense ??? Is there another product I should look at? best regards Jan ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|