[16296] in bugtraq
Response: Stateful Inspection of FireWall-1
daemon@ATHENA.MIT.EDU (Scott Walker Register)
Fri Aug 18 05:42:43 2000
Message-Id:  <Chameleon.966542438.walker@stinky>
Date:         Thu, 17 Aug 2000 10:22:55 -0800
Reply-To: Scott Walker Register <scott.register@US.CHECKPOINT.COM>
From: Scott Walker Register <scott.register@US.CHECKPOINT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Below are some additional pieces of information relevant to the original
"Stateful Inspection of FireWall-1" posting.

1. Additional information about these issues may be found at
   http://www.checkpoint.com/techsupport/alerts
2. Service packs which address all of these issues may be downloaded
   at www.checkpoint.com/techsupport.  Please read the relevant release
   notes.
3. Several of the referenced vulnerabilities rely on manually editing
   the control.map file to weaken authentication.  This kind of reconfiguration
   is not and has never been recommended by Check Point.  Specifically,
   Check Point does not recommend using "127.0.0.1: */none" in control.map;
   and FWN1 is not supported, documented, or recommended as an alternative
   to the standard FW-1 inter-module authentication and encryption mechanisms
   (S/Key and FWA1 are supported, and FWA1 is strongly recommended).
----------------------------------------------------------------
Scott.Register@us.CheckPoint.com  ||  FireWall-1 Product Manager
               Check Point Software Technologies, Inc.
2255 Glades Road    /    Suite 324A     \  Boca Raton, FL  33431
Voice: 561.989.5418 | Fax: 561.997.5421  |   08/17/00   10:22:55
----------------------------------------------------------------