mailing list archives
Re: Firewall-1 Security Advisory
From: jhorn1 () STARFIRE CI TUCSON AZ US (John Horn)
Date: Wed, 28 Oct 1998 08:03:59 -0700
I took the Firewall-1 course and this was most definitely not covered.
As it happens, we filter bi-directionally and do not appear to be
affected by this but it is nice to know.
On Tue, 27 Oct 1998, Mnemonix wrote:
From: Paul Sears <Paul_Sears () NACM COM>
To: BUGTRAQ () NETSPACE ORG
Subject: Re: Firewall-1 Security Advisory
Date: Monday, October 26, 1998 8:58 PM
Diligence Risks wrote:
Diligence Security Advisory
Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
intruder to pass through the firewall and attack machines, unihibited,
the protected side.
This is documented in the administration guide and CCSE training
classes also cover these.
According to Check Point sources this is undocumented. Having also read
through the CCSE manuals the only thing close to a caveat I can find is the
(CCSA manual- Page 5-49 - Configuring Control Properties)
Currently, the most common errors during implementation of Firewall-1 are
made in the Control Properties. The reason for these errors are:
1) Misunderstanding the importance of direction when packets are inspected,
2) Misunderstanding of how the Control Properties and the Rule Base
Matching Order work together.
So the closest thing to a warning, comes not in the manuals that come with
the software - but you have to pay to go on a course for this info. I may
be wrong about this - if you know of any other place where this is
documented please let me know.
Information Security Specialist
Unix Systems Administrator
City of Tucson, Tucson Arizona
jhorn1 () starfire ci tucson az us