Date: Sun, 8 Oct 2000 02:09:28 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: Brian Reichert <reichert@numachi.com> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Check Point FW-1 Message-ID: <Pine.LNX.4.10.10010080206050.9355-100000@jamus.xpert.com> In-Reply-To: <20001007133804.C54883@numachi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 7 Oct 2000, Brian Reichert wrote: > On Sat, Oct 07, 2000 at 05:49:09PM +0200, Roman Shterenzon wrote: > > Hi, > > Speaking for myself (Xpert are official ChekPoint dealer) I can say that > > although FW-1 might had some problems, it's quite good. > > It's quite secure as well (usually installed on Solaris/(sparc|i386) ) > > I've never installed it. I 'inherited' a CheckPoint box running > under Solaris, and, from an internel net had to break in to the > box to grant myself admin privs. > > I got in because UNIX services under SunOS 5.6 were misconfigured. > That's not CheckPoint's fault. But I don't think it's fair to > claim that the presence of CheckPoint makes the box secure... Again speaking for myself - I doubt that you or anybody else could have managed to break into solaris firewall I've installed (properly), unless of course there's some bug in CP fw1 which makes it possible. Of course the underlying os must be secure, and (!) the rules must be secure. The rules shouldn't have given you to talk to any service on the fw in the first place. So.. it was BADLY misconfigured. Again, I think for a commercial solution FW-1 is very good. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10010080206050.9355-100000>