Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Firewall-1 Security Advisory
From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Tue, 27 Oct 1998 09:47:36 -0000

From: Paul Sears <Paul_Sears () NACM COM>
Subject: Re: Firewall-1 Security Advisory
Date: Monday, October 26, 1998 8:58 PM

Diligence Risks wrote:

Diligence Security Advisory

Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
intruder to pass through the firewall and attack machines, unihibited,
the protected side.


This is documented in the administration guide and CCSE training
classes also cover these.

According to Check Point sources this is undocumented. Having also read
through the CCSE manuals the only thing close to a caveat I can find is the
(CCSA manual- Page 5-49 - Configuring Control Properties)

Begin Quote

Currently, the most common errors during implementation of Firewall-1 are
made in the Control Properties. The reason for these errors are:

1) Misunderstanding the importance of direction when packets are inspected,
2) Misunderstanding of how the Control Properties and the Rule Base
Matching Order work together.

End Quote

So the closest thing to a warning, comes not in the manuals that come with
the software - but you have to pay to go on a course for this info. I may
be wrong about this - if you know of any other place where this is
documented please let me know.

David Litchfield
Information Security Specialist

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]