BOOK: Essential Check Point Firewall-1^(TM): An Installation,Configuration, and Troubleshooting Guide (fwd)
looks to be of interest to many of you. lots of FW-1 questions here, so .. thought i would pass it along. jose nazario [EMAIL PROTECTED] PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) -- Forwarded message -- Date: Sat, 15 Sep 2001 15:03:16 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOOK: Essential Check Point Firewall-1^(TM): An Installation, Configuration, and Troubleshooting Guide Essential Check Point Firewall-1^(TM): An Installation, Configuration, and Troubleshooting Guide Dameon D. Welch-Abernathy Publisher: Addison Wesley Copyright: 2002 Format: Paper, 544 pp ISBN: 0-201-69950-8 Status: Coming 10/19/2001 Retail Price: $44.99 US http://www.aw.com/product/0,2627,0201699508,00.html -- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum ___ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
RE: [FW-1] Check Point Firewall-1 Log analysis
Try www.phoneboy.com (good explanations of ICMP drops and reason: unknown established TCP packet in the FAQs) http://www.robertgraham.com/pubs/firewall-seen.html General explanation of reading logs http://www.enteract.com/~lspitz/logger.html Lance Spitzner has some interesting methods for manipulating the logs Ken Butler, Mgr. Network Services Liberty Bank Voice (860) 638-2951 Fax (860)343-7468 -Original Message- From: Geoffrey Cheng [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 13, 2001 12:04 PM To: [EMAIL PROTECTED] Subject: [FW-1] Check Point Firewall-1 Log analysis Hi all, Currently I am working on a project that requires me to look into details of the log generated from FW-1, is there any useful document or guideline which could explain most of the error/block/reject messages displayed in the last column of the log view? Thanks, Geoffrey - [To unsubscribe, send mail to [EMAIL PROTECTED] with unsubscribe firewalls in the body of the message.] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company. ___ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
[FW-1] Check Point Firewall-1 Log analysis
Hi all, Currently I am working on a project that requires me to look into details of the log generated from FW-1, is there any useful document or guideline which could explain most of the error/block/reject messages displayed in the last column of the log view? Thanks, Geoffrey - [To unsubscribe, send mail to [EMAIL PROTECTED] with unsubscribe firewalls in the body of the message.]
RE: Check Point Firewall-1
Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there any cheaper and good firewall for good security? That strongly depends on the OS you use. IMHO I'D _NEVER_ put security related stuff on an NT platform, I'd like to really _KNOW_ what's goin' on with the packets routed through. There are several other packets availabe for NT (Raptor Eagle, Gauntlet etc.) I have no experience in. We're using Linux with packet filtering, TIS and IP logging; works fine, it's cheap (0.00) fast an reliable. We have about 120 nodes inside here getting partially masqueraded and/or going out through squid object cache proxy server... and all this on a P166. If you don't want to put everything together on your own, there's a commercial version available too: http://www.linux-firewall.de. Don't know the price but it's worth the look at. -- Markus Doehr IT Admin AUBI Baubeschläge GmbH Tel.: +49 6503 917 152 Fax : +49 6503 917 190 e-Mail: [EMAIL PROTECTED] MD1139-RIPE * - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
Re: Check Point Firewall-1
Mehmet, "Good enough" is a subjective statement. The answer depends of the mission of your organization, and what it stands to lose should your systems become compromised. Is your 50-node organization doing market research on thumb tacks, or is it doing research on quantum computing? One is worth $5000 for security, the other is probably not. If cost is your bottom line, you could build a perfectly serviceable firewall with Linux (total cost: $0, maybe $50 if you buy a bundled distribution like Red Hat or Caldera). This will give you basic packet filtering, not to mention more services (SMTP relay, web server, DNS, etc.) than you'll know what to do with. If you want more robust firewalling, you could add the legacy Firewall Toolkit (total cost: $0) which will give you application-level firewall proxies. You can add in hacks for transparency and patches for extra proxies as you wish. And there is still more freeware for everything else you might want out of a firewall, from log analysis to realtime performance monitoring to penetration testing to intrusion detection/response. IMHO you can build a rock-solid firewall with a high degree of trust, for almost no money *in software licensing*. The real cost for such a firewall would be the cost of building and supporting it yourself. You (or another staff person in your organization) would have to be proficient in general firewalling principles, UNIX, C and C compilation, ipfwadm and FWTK at the very least. If you don't have that expertise, you will have to buy it in the form of additional staff... Regards, Chris Christopher Zarcone Network Security Consultant RPM Consulting, Inc. [EMAIL PROTECTED] #include std.disclaimer.h /* My opinions do not necessarily reflect the opinions of my employer */ Date: Tue, 23 Mar 1999 09:22:58 +0200 From: "Mehmet Sokmen" [EMAIL PROTECTED] Subject: Check Point Firewall-1 Hi, Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there any cheaper and good firewall for good security? boy - - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
RE: Check Point Firewall-1
Hi, Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there any cheaper and good firewall for good security? boy Try WatchGuard (http://www.watchguard.com), it's a good, inexpensive firewall solution for small to medium sized networks. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
Re: Check Point Firewall-1
Hi, Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there any cheaper and good firewall for good security? boy Try WatchGuard (http://www.watchguard.com), it's a good, inexpensive firewall solution for small to medium sized networks. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]