Bill Stout wrote:
> Why do I hear about companies pulling out Checkpoint-1 firewalls for
> security reasons, or security expert recommendations to remove Checkpoint?
> I've heard some (unverified) concern about a possible Mossad/Checkpoint
> connection, but is there something hard and specific that I'm missing,
> besides the fact the firewall has filters but no proxies?
> Bill Stout (Systems Engineer/Consultant) stoutb @
> Pioneer Standard (Computer Systems & Components) http://www.pios.com/
> San Jose, CA (Location of 1 of 52 U.S. offices) (408) 954-9100
> *My opinions do not reflect that of the company, and visa-versa, thankfully.*
Bill raised an issue that has burned me in the past; that I think
deserves discussion: the relationship between "security" products
companies and intelligence organizations. This is an important issue
because it goes to the credibility of security technology (as seen, this
includes fiewalls) and it seems to me that, at a minimum, professionals
can take such claims with a jaundiced eye.
In the US (and presumably elsewhere), it is pretty hard to find a
company with security products that doesn't have ex-(3 letter agency
initials here) folks on their staff, and, perhaps, on their boards.
Pointing this out to imply some ulterior motive or malicious
relationship seems to be a favorite ploy for some vendor, taking full
advantage of general suspicions regarding secretive organizations (WHAT
are they hiding/up to?) In the case of the US, this is particularly
effective overseas -- where there is some justified paranoia regarding
the US Intelligence Community.
Old timers will remember the seemingly endless rumors of a back door
into DES (why hasn't someone found it in the last XX years?), stories
that high assurance systems had a secret "switch" for any of a variety
of malicious activities, stories of an Intel Corp./NSA connection with
secret code in the 286 (and presumably generations since), etc. Besides
doesn't NSA "evaluate" security products (wink, nudge...) Some of this
almost falls into the category of folk lore, but, does no one any good.
In reality, if such a relationship existed and was exposed, it would
almost certainly destroy the company in the relationship. It would also
be a public relations disaster for the agency -- can you imagine what
fun Pat Moynihan et al would have on Capital Hill? Unfortunately,
proving a negative is impossible, so, I suppose that such stories will
continue to crop up from time to time. (Now the truly paranoid will use
this scenario to "prove" that my argument is the basis for a "clever"
strategy to do just what I say it prevents...and around it goes.)