Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum
From: Dave Piscitello <dave () corecom com>
Date: Wed, 01 Feb 2006 14:29:40 -0500

Paul Melson wrote:
-----Original Message-----
Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

Though i think people who buy Checkpoint stuff are somehow
non-representative (i think if one tried that with, say, Cyberguard,
we'd see completely different picture) the results are still scary. Damn
scary. That means 80% firewalls could be thrown off with
no further harm to security.
I'd agree that choosing a different product customer set would probably
yield different results, but I'm not sure that Check Point is going to be
worse than others.  In fact, experience tells me that the small/medium IT
shops out there that still have their NetScreen-10 or their PIX 510 with the
same rule set and software on it for 3+ years are even more likely to have
flawed configs.

Many SMBs have barebones policies. What I commonly see:

- default ANY outbound
- inbound http to a Port address translated web server
- inbound telnet/ssh to some 3rd party application server
  (e.g., vacation rental software on SCO boxes with credit card DBs ;-(
- logging to the localhost (appliance) which rolls the logs
  (no long term store)
- default admin account, same password today as configured day 1
- IPsec using IKE AG mode with PSK

Attachment: dave.vcf

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]