Thanks Lance... your site has been a wealth of useful information for me,
and I really like the new "Attack of the Week" thing you are doing.
Thank you
Carric Dooley
Senior Consultant
COM2:Interactive Media
"But this one goes to eleven."
-- Nigel Tufnel
On Tue, 12 Dec 2000, Lance Spitzner wrote:
> On Tue, 12 Dec 2000, Carric Dooley wrote:
>
> > Anyone know the reasoning behind why this is recommended to be set to
> > "Before Last" in the policy properties? I am working with a FW with that
> > property set to first (and have seen it before) and I can't come up with a
> > good explanation to change it (nor can I find one with all my web ferret
> > diggings).
>
> Organizations may want to filter outbound packets as well as inbound.
> If the "Accept Outgoing" is placed first, then that rule takes priority,
> meaning the organization cannot filter outbound rules. Now, you are
> probably asking yourself why would I want to inspect a packet outbound
> if I already inspected it inbound? The firewall for one. If the firewall
> initiates a connection, you can only filter it outbound. You would be
> amazed at the information your firewall gives away with ICMP error
> messages alone. For details on this, check out the paper I just updated,
> Auditing Your Firewall Rulebase (http://www.enteract.com/~lspitz/audit.html).
>
> Don't forget, if you are doing Hide address translation, this means all
> return packets have the IP address of your firewall. If the return packets
> have any failures (such as TTL expiring), then the firewall responds on
> their behalf, giving out information.
>
> I'll be doing a total rewrite of my "Building Your Firewall Rulebase"
> where I discuss these and other issues.
>
> hope this helps :)
>
> lance
>
>
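The first-match point Lance makes above (an implied "Accept Outgoing" rule placed First shadows every explicit outbound rule, while "Before Last" lets them run first), as an added simulation that is not part of the original thread or of any Check Point code. The addresses, rule names and the ICMP error packet are constructed for illustration.

```python
# Added example: a first-match rulebase evaluator showing why the implied
# "Accept Outgoing" rule placed First shadows explicit outbound filtering,
# while placing it Before Last lets the explicit rules decide first.
# All addresses, rule names and packets below are constructed.
from dataclasses import dataclass
from typing import Callable, List, Tuple

FIREWALL_IP = "192.0.2.1"  # constructed address of the firewall itself


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    direction: str   # "inbound" or "outbound"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "accept" or "drop"
    match: Callable[[Packet], bool]


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Walk the rulebase top-down; the first matching rule decides."""
    for rule in rules:
        if rule.match(pkt):
            return rule.name, rule.action
    return "implicit-cleanup", "drop"


# Implied rule: accept anything the firewall itself originates.
ACCEPT_OUTGOING = Rule("accept-outgoing", "accept",
                       lambda p: p.direction == "outbound" and p.src == FIREWALL_IP)
# Explicit rule the admin wants: stop the firewall leaking ICMP error messages.
DROP_FW_ICMP = Rule("drop-fw-icmp", "drop",
                    lambda p: p.src == FIREWALL_IP and p.proto == "icmp")
# Explicit cleanup rule at the bottom of the rulebase.
CLEANUP = Rule("cleanup", "drop", lambda p: True)


def rulebase(implied_position: str) -> List[Rule]:
    """Build the rulebase with the implied rule at the chosen position."""
    if implied_position == "first":
        return [ACCEPT_OUTGOING, DROP_FW_ICMP, CLEANUP]
    if implied_position == "before_last":
        return [DROP_FW_ICMP, ACCEPT_OUTGOING, CLEANUP]
    raise ValueError(implied_position)


def decide(implied_position: str, pkt: Packet) -> Tuple[str, str]:
    return first_match(rulebase(implied_position), pkt)


# Constructed packet: an ICMP error (e.g. TTL expired) the firewall sends on
# behalf of a hidden (NAT'd) internal host, as described in the reply above.
ICMP_ERROR = Packet(FIREWALL_IP, "198.51.100.7", "icmp", "outbound")

if __name__ == "__main__":
    for pos in ("first", "before_last"):
        print(pos, decide(pos, ICMP_ERROR))
```

With the implied rule First, the explicit drop never gets a chance to match; moved to Before Last, the same packet is dropped by the admin's rule.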