Great Circle Associates Firewalls
(December 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: dinamics filtering rules
From: "Craig I. Hagan" <hagan @ cih . com>
Date: Sun, 7 Dec 1997 22:26:51 -0500 (EST)
To: nospam @ nospam . com
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <19971207142455 . 8802 . rocketmail @ attach1 . rocketmail . com>
Reply-to: hagan @ cih . com

> I hear AbirNet's SessionWall-3 also provides OPSEC support to modify
> Check Point's Firewall-1 commands on the fly.

I've always wondered about things like this. are they smart and have
multiple classes of rules: those that can't be changed, those that can be
only added, and those that can be both added and removed? If so, do that
handle rules that are in conflict in the sane (most secure)  way, or in a
first/last/best seen? 

more imporantly, has that f*cker been QA'ed so that mr. external
nastigator can't play games with your rules (e.g. if strobed, you start
disabling services, leading to a rather easy DOS/irritation attack). 

Also: if they alter there rules based upon log events, what happens when
the log partition is filled up by dirty mcnasty? Does it fail to
react?

wait...i might be pissing of some company. i'll stop now :)

-- craig


-------------------------------------------------------------------------------
Craig I. Hagan     "It's a small world, but I wouldn't want to back it up"
hagan(at)cih.com        "True hackers don't die, their ttl expires"
  	"It takes a village to raise an idiot, but an idiot can raze a village"

	Stop the spread of spam, use a sendmail condom!
	     http://www.cih.com/~hagan/smtpd-hacks

                       In Bandwidth we trust



References:
Indexed By Date Previous: Re: NT as a central intranet firewall [-Drant]
From: "Craig I. Hagan" <hagan @ cih . com>
Next: Re: Gauntlet console
From: ARVE . KJOELEN @ EY . COM
Indexed By Thread Previous: Re: dinamics filtering rules
From: HO <hagiti @ rocketmail . com>
Next: Re: dinamics filtering rules
From: Ted Doty <ted @ iss . net>

Google
 
Search Internet Search www.greatcircle.com