Firewall Wizards: Re: FW appliance comparison - Seeking input for the forum

Re: FW appliance comparison - Seeking input for the forum

From: R. DuFresne <dufresne_at_sysinfo.com>
Date: Thu, 2 Feb 2006 17:34:50 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Feb 2006, Dave Piscitello wrote:

> Paul Melson wrote:
>> -----Original Message-----
>> Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the
>> forum
>>
>>> Though I think people who buy Checkpoint stuff are somehow
>>> non-representative (I think if one tried that with, say, Cyberguard,
>>> we'd see a completely different picture) the results are still scary. Damn
>>> scary. That means 80% of firewalls could be thrown off with
>>> no further harm to security.
>> I'd agree that choosing a different product customer set would probably
>> yield different results, but I'm not sure that Check Point is going to be
>> worse than others. In fact, experience tells me that the small/medium IT
>> shops out there that still have their NetScreen-10 or their PIX 510 with the
>> same rule set and software on it for 3+ years are even more likely to have
>> flawed configs.
>
> Many SMBs have barebones policies. What I commonly see:
>
> - default ANY outbound
> - inbound http to a Port address translated web server
> - inbound telnet/ssh to some 3rd party application server
> (e.g., vacation rental software on SCO boxes with credit card DBs ;-(
> - logging to the localhost (appliance) which rolls the logs
> (no long term store)
> - default admin account, same password today as configured day 1
> - IPsec using IKE AG mode with PSK

All those nasty Windows ports and protocols 138-139, 445, 5000, etc.
passing in both directions, etc...

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD4okOst+vzJSwZikRAqkFAJ9Kis49cKRsmnUKvXpA1KF4RfwXNgCgpiXJ
XF7E7QWzXeeqZWPRRCJrPx0=
=jiVk
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 02 2006
