Gaus:
I did have some negative things to say about Firewall-1. Most were in
a paragraph toward the end, which was removed by the magazine's staff
so the story would finish on that page (aren't magazines great!):
[The deleted paragraph]
FireWall-1 drops source routed packets
by default, which is good for security, but may be bad if you need to use
source routing to contact certain difficult-to-reach sites. Other firewall
implementations also offer improved authentication using one-time passwords--
something FireWall-1 currently does not support. Finally, the nice GUI-
interface could lead a novice system administrator into a false sense of
security. It is quite possible to permit potentially dangerous services,
like NFS, through CheckPoint's FireWall-1. While FireWall-1 works great with
outgoing NFS, it won't protect against incoming attacks on NFS based on improper
configuration of computers behind the firewall.
[End]
Rik Farrow
rik @ uworld . com