Firewalls: TT0000011229 Re: Pulling out Checkpoint-1 firewalls

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	TT0000011229 Re: Pulling out Checkpoint-1 firewalls
From:	Mark Teicher <mht @ clark . net>
Date:	Fri, 27 Jun 1997 09:43:35 -0400
To:	firewalls @ greatcircle . com

Forwarded response from Checkpoint concerning Mossad..  


/mark

>To: mht <mht @
 clark .
 net>
>Cc: deb <deb @
 checkpoint .
 Com>
>From: support <support @
 checkpoint .
 Com>
>Date: 27 Jun 97 14:24:35 ZET
>Subject: TT0000011229  Re: Pulling out Checkpoint-1 firewalls
>
> 
> Hi,
>
>>>Why do I hear about companies pulling out Checkpoint-1 firewalls for
>>>security reasons, or security expert recommendations to remove Checkpoint?
> This the first we've heard about it. Granted, Firewall-1, by itself,
>will not secure your network because you can misconfigure it, but that's
>not a reason to pull it out and leave yourself completely exposed - it's 
>a reason to learn how to configure it properly.
> 
>>>I've heard some (unverified) concern about a possible Mossad/Checkpoint
>>>connection, but is there something hard and specific that I'm missing,
>>>besides the fact the firewall has filters but no proxies?
> The fact that Firewall-1 does not have proxies is because we don't 
>need them. Stateful inspection provides you with the same level of security,
>but without having to go through a proxy, which has a high performance cost.
> As for our alleged connection with the Mossad, I can assure you we 
>don't have such a connection. However, that might not be enough for you, 
>because even if I were a Mossad agent I'd still reassure you I wasn't.
> Instead, I'll appeal to your logic. Any Firewall you may buy was 
>written in a country with a security service, which could have written
>a backdoor into it. Is there any reason why the Israely Mossad worries
>you more than the US's NSA or any other equivalent agency? If you're
>worried that Israely law makes Checkpoint but a backdoor into the Firewall
>in a way that US laws don't, I can assure you that is not the case,
>although you wouldn't be able to verify me without an expensive legal
>search, which you will obviously have to do yourself.
> There is another matter, and that is that a major intelligence
>agency, such as the Mossad or the N.S.A. probably has other ways to
>get at your computers. For an analysis of this risk, please refer to
>the PGP documentation, available at URL
>ftp://nic.funet.fi/pub/crypt/cryptography/pgp/doc/pgp23dosA.zip
> 
> Sincerely,
>  Ori    Pomerantz
>  Support Engineer
>
>
#########################################################
'Turn on, Boot Up, Jack in' 
#########################################################

Follow-Ups:

spies and trap door trickery
From: m* <mark @ novare . net>
Re: TT0000011229 Re: Pulling out Checkpoint-1 firewalls
From: Frank Willoughby <frankw @ in . net>

Indexed By Date	Previous:	Re: Six weeks = security expert From: ArkanoiD <ark @ paranoid . convey . ru>
Indexed By Date	Next:	Re: Pulling out Checkpoint-1 firewalls From: Mark Teicher <mht @ clark . net>
Indexed By Thread	Previous:	Re: Reserved IP addresses. From: Paul Ferguson <pferguso @ cisco . com>
Indexed By Thread	Next:	Re: TT0000011229 Re: Pulling out Checkpoint-1 firewalls From: Frank Willoughby <frankw @ in . net>