Suppose that I have a webserver on my internal network that is protected
by CP FW-1, and I allow the internet to see it over port 80. Also,
suppose that my webserver has a well known root-level vulnerability that
is exploitable remotely via port 80, say Apache with a poorly configured
cgi script.
FW-1 boasts application layer security via stateful inspection, but should
I expect that my webserver is safe? Are their any documents that describe
in detail what application layer attacks are stopped by FW-1?
I would expect that the webserver would still be vulnerable, and the only
way the firewall could stop an exploit against the vulnerability would be
for me to get my hands dirty with INSPECT code. In this case, how would
FW-1 be acting as anything more than a dynamic packet filter?
(Of course I should not be running such a vulnerable webserver in the
first place, but for this discussion I am not interested in host-based
security... just in FW-1).
Thanks,
--Mike
Michael B. Rash
http://www.math.umd.edu/~mbr
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
