A very good technical guide to follow would be Hal Pomeranz's "How to
Build a Bastion Host on Solaris".

It can also be used for hardening SCO, with some minor modifications
adjusting for SCO..

4.0 already has had some security packs released to fix a few things.
They still have not fixed the mail banner where you can attempt a telnet
to 25, and receive the mail banner revealing to the world that you are running
Checkpoint.  Tech support had stated this was going to be addressed in the
4.0 release, but I have yet to see where you can modify the line to
prevent the banner from being shown or change the banner to fool would-be
intruders and some of the IDS tools :)..

The verify rule still has some issues providing real detail on whether a
rule makes sense or not.  It only states whether the rule adheres to fw-1
structure and not "does this rule make sense (risks/security)??"  The
intelligence is still left to the admin who has to design the policy.

I have yet to put 4.0 through its paces and attempt to manage multiple
firewalls with it.

The one interesting gotcha is that if you load the console on the same
machine you have a previous version running, you will no longer be able to
use the older version console to connect to your 3.x firewall!!

A big hint is, when you are designing your rule base, walk through it, and
ensure the rules make sense before installing it. Does the rule conflict
with other rules you have in place? What about order, etc.?

enjoy..

/mark

On Tue, 20 Apr 1999, Technical Incursion Countermeasures wrote:

> At 07:10 20/04/99 -0400, you wrote:
> >We are evaluating Checkpoint's Firewall 1. The OS of preference would be Sun's
> >Solaris. I have read nothing about how the Solaris OS kernel should be hardened,
> >either by the vendor or by us. Is this not required?
> 
> Normally I recommend that the Solaris be hardened.. either by simply going
> through following Sun's instructions.. or by running SeOS - which is
> somewhat the same thing IMHO...
> 
> >firewall is running on a hardened SCO box that was certified by the vendor. I
> >understand that Firewall-1 has in excess of 50% of the market, but from the very
> >limited access I have had with the product I don't see that much of an
> >advantage. Also, any comments on their support would be appreciated...thanks in
> >advance...Jerry
> 
> Umm you said it Jerry... Microsoft has a vast percentage of the PC market..
> it doesn't make it the best though... FW-1 seems to be OK as far as
> firewalls go.. it does actually perform to specs and tends to have good
> support - which is often the key item in any IT purchase. The latest
> version is actually easy to setup (well to a degree - I wish they would
> have all the settings in one app.. not several though)
> 
> hope this helps..
> 
> Cheers,
> 
> Bret
> Technical Incursion Countermeasures 
> [EMAIL PROTECTED]                      http://www.ticm.com/
> ph: (+61)(041) 4411 149(UTC+8 hrs)      fax: (+61)(08) 9454 6042
> 
> The Insider - a e'zine on Computer security Vol 3 Issue 1 out now
> http://www.ticm.com/info/insider/index.html
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

##########################################################
'Turn on, Boot Up, Jack in'
#########################################################    
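
The rule-base walk-through suggested in the message above (does a rule conflict with an earlier one, and does order matter) can be sketched as a check for shadowed rules. This is an added example, not part of the original post and not FW-1's rule format or verify logic: it assumes a simplified first-match rule model, and `Rule`, `covers`, `walk` and the sample rule base are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    num: int
    src: str      # source CIDR, "0.0.0.0/0" means any
    dst: str      # destination CIDR
    ports: range  # destination ports
    action: str   # "accept" or "drop"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that rule b matches is also matched by rule a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.ports.start <= b.ports.start
            and b.ports.stop <= a.ports.stop)

def walk(rules):
    """In a first-match rule base, a rule fully covered by an earlier rule
    never fires. Returns (rule, shadowing rule, kind) for each such rule."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.num, earlier.num, kind))
                break
    return findings

ANY, ALL = "0.0.0.0/0", range(0, 65536)

# Constructed sample rule base (documentation addresses, not from the post).
RULES = [
    Rule(1, ANY, "192.0.2.10/32", range(25, 26), "accept"),           # inbound mail
    Rule(2, "10.0.0.0/8", "192.0.2.0/24", ALL, "drop"),               # block internal to DMZ
    Rule(3, "10.1.0.0/16", "192.0.2.20/32", range(22, 23), "accept"), # never reached: rule 2 wins
    Rule(4, ANY, "192.0.2.10/32", range(25, 26), "accept"),           # duplicate of rule 1
    Rule(5, ANY, ANY, ALL, "drop"),                                   # cleanup rule
]

if __name__ == "__main__":
    for num, by, kind in walk(RULES):
        print(f"rule {num} is shadowed by rule {by} ({kind})")
```

A "conflict" finding is the order problem: the admin intended an exception, but the broader rule above it decides first, so the exception has to move up or the broader rule has to be narrowed.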
