In article <32066928.1297@us.checkpoint.com> Barbara Jaarsma wrote:
>The following is Checkpoint's official response to your query re: the
>InfoWorld article. -Barb
>
>Dear Check Point Resellers & Customers,
>
>A product comparison of firewall products which included CheckPoint
>FireWall-1 appeared in the July 29 issue of InfoWorld magazine. While
>the review was overall highly favorable, it incorrectly stated that
>during the system boot process, the system is vulnerable to attack. We
>would like to assure you that this information is inaccurate and that we
>reached agreement with InfoWorld to print a correction in next week's
>issue.
>
>During the testing process, the InfoWorld reviews staff did not follow
>the company's recommended boot procedures which are specified on
>pages 16-3 and 16-4 in the CheckPoint FireWall-1 user manual.
>When installing the product, the publication's reviews staff did not
>turn off the IP forwarding function.
I would seriously question the security of a firewall that
has IP forwarding turned on by default, and requires you to
DO SOMETHING to turn it off. Common wisdom would have it disabled by
default (at least), or even rip the code out from the kernel (preferred).
Most Unix systems are unfortunately insecure out of the box.
We should expect all good firewalls to be highly secure out of the box.
--
Steve Kotsopoulos M.Eng. steve@ecf.toronto.edu
Systems Analyst Engineering Computing Facility, University of Toronto
http://www.ecf.toronto.edu/~steve/