Firewalls: Re: FW-1 and IBM AIX

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: FW-1 and IBM AIX
From:	Domenico Viggiani <dviggian @ gst . cgs . it>
Organization:	CAP GEMINI SpA
Date:	Mon, 14 Jul 1997 14:35:40 +0200
To:	Roger Rea <rrea @ us . ibm . com>
Cc:	firewalls @ greatcircle . com
References:	<5040100006452646000002L062* @ MHS>

Thank you very much for your reply.

> FW-1 does NOT do any OS hardening.  It is expected that the installer will do
> this on whatever platform it is installed on.
It is a bad thing. It was expected at least a 'basic' OS hardening.
In any case, from Checkpoint, I received the following insurance:
'By using the CheckPoint Stateful Inspection Technology, we even secure
the gateway itself.
We inspect each and every packet on the Inbound direction, meaning even
before entering the gateway and reaching the OS.'

> Perhaps you should consider IBM Firewall for AIX.  
Already considered. But it doesn't fulfill some requirement for our
project (NIS and SQL*net traffic, a 'not common' login procedure to the
FTP proxy, etc.)

> (Check Point Firewall-1 offers NO proxies).
They are unnecessary with their Stateful Inspection technology.

But why IBM OEMs FW-1?

-- 

Domenico Viggiani                Internet Systems Engineer
CAP GEMINI ITALY SpA	       E-mail: dviggian @
 gst .
 cgs .
 it
Via dei Berio, 91 - 00155 Roma      Phone: +39 6 23190 509

Follow-Ups:

Re: FW-1 and IBM AIX
From: Claudio Telmon <claudio @ DI . Unipi . IT>

Indexed By Date	Previous:	Firewall solution From: Pete Davis <petedavis @ usa . net>
Indexed By Date	Next:	Re: Stateful packet filtering From: Paulo Fernandes <pjf @ star . sols . pt>
Indexed By Thread	Previous:	Re: FW-1 and IBM AIX From: Hassan Karim <hkarim @ cq . com>
Indexed By Thread	Next:	Re: FW-1 and IBM AIX From: Claudio Telmon <claudio @ DI . Unipi . IT>