>From: "Robert Stanley" <[EMAIL PROTECTED]>
>Subject: RE: Checkpoint Vulnerabilities???
>
> My understanding of the vulnerabilities was that they were mostly due to
> improper (loose) configuration.

No, unfortunately - the vulnerabilities are the result
of apparently serious design deficiencies in how VPN
authentication is performed, as well as how decisions
are made about what traffic passes through the VPN.
There's a lot of ugly stuff there. :( As a (former)
firewall designer, it's really disappointing to see
these kinds of basic design flaws in such a widely
deployed product - they're the kind of mistakes that
nobody who knows anything about firewalls or crypto
would make. :(
mjr.
-----
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Personal: http://pubweb.nfr.net/~mjr