mailing list archives
Re: Firewall-1 Security Advisory
From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Tue, 27 Oct 1998 09:47:36 -0000
From: Paul Sears <Paul_Sears () NACM COM>
To: BUGTRAQ () NETSPACE ORG
Subject: Re: Firewall-1 Security Advisory
Date: Monday, October 26, 1998 8:58 PM
Diligence Risks wrote:
Diligence Security Advisory
Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
intruder to pass through the firewall and attack machines, unihibited,
the protected side.
This is documented in the administration guide and CCSE training
classes also cover these.
According to Check Point sources this is undocumented. Having also read
through the CCSE manuals the only thing close to a caveat I can find is the
(CCSA manual- Page 5-49 - Configuring Control Properties)
Currently, the most common errors during implementation of Firewall-1 are
made in the Control Properties. The reason for these errors are:
1) Misunderstanding the importance of direction when packets are inspected,
2) Misunderstanding of how the Control Properties and the Rule Base
Matching Order work together.
So the closest thing to a warning, comes not in the manuals that come with
the software - but you have to pay to go on a course for this info. I may
be wrong about this - if you know of any other place where this is
documented please let me know.
Information Security Specialist