Hi all!

Looking for some advice/assistance with Firewall-1.

Platform: NT

Questions re:  Authentication, Encryption

Scenario:

We are about to install Firewall-1 to protect an extranet server and our internal
network.  The web server will be in a DMZ, and we would like to encrypt file
transmissions to our clients.  We would also like to be able to authenticate
clients.  Our consultant has suggested authentication at the firewall (as
opposed to at the web server), using some system other than NT Security.  He has
also suggested using Checkpoint's encryption capabilities (as opposed to SSL),
and he says that (to a 'limited' extent) those capabilities are included in the
basic Firewall-1 product.  He also indicates that this would make SSL
unnecessary and would allow us to do any sort of communications (e.g., FTP) in
an encrypted environment.

I have several questions about this configuration.

1.  Is any sort of encryption included with the 'basic' Firewall-1 license? (I
have not been able to find much information on the Checkpoint site other than
that they have an encryption module, although I have not done an extensive
search.)

2.  If encryption is included (and it is not SSL), what is necessary at the
client level to use this encryption?

3.  Does the idea of forsaking NT security for authentication at the firewall
make sense, i.e., is that route SIGNIFICANTLY more secure?  (I am not talking
here about using SecurID or some other token mechanism, although that is a
future option.)

4.  Does authentication at the firewall (with Checkpoint) limit our flexibility
in controlling access to specific resources?  (I know we could always impose NT
security on top of firewall authentication, but it would add to the 'client
burden' and also to the administrative headaches.)

5.  Does anyone know of specific NT products which will allow encryption of FTP
transfers?  (I have searched with little success.)

6.  One of the options I am considering is setting up an 'FTP-like' directory
where files would be listed and the clients could then click on them to
view/download them.  If this particular directory were set up to require HTTPS,
would that result in encrypted file transfers? (I am disregarding the issue of
HTTPS performance vs. FTP, so please don't tell me it would be slower to do it
that way.)  I have enabled a 'test' directory on one server and required the use
of HTTPS to hit that directory.  It works as I suspected (i.e., the directory
can't be accessed using HTTP), but I am not sure whether this ensures that files
accessed from this page would be transferred encrypted.

A lot of questions here, and I sincerely appreciate any constructive input. 
These lists are great resources, and I hope these questions will also be useful
to other 'fledgling' security people.

Thanks and regards to all,

Tom
==============================================
The opinions contained herein are mine and mine alone.
==============================================