> I have reviewed the Boson test and found that it was horrible. I wouldn't
> use it to blow my nose on. I am writing an HTML test right now. It will
be
> done by the end of the week for CCSA and hopefully CCSE material. The
> information for tests I am writing comes directly from Check Point's eval
> Admin Guide and I cite pages as well as just answers. The test will not
be
> based off of Check Points tests, but it will cover all of Firewall-1. I
> will ask specific people to review and add material as well.
>
> As a Check Point test review team member I cannot provide anything not
> specifically documented as public knowledge as I know all of the actual
test
> questions. However, my work will be cited directly from their manuals and
> not from my memory or from the actual tests.
>
> Stay tuned.
>
> ----- Original Message -----
> From: "Lance Spitzner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, January 17, 2001 8:25 AM
> Subject: [FW1] Boson FW-1 Admnistrator Exam
>
>
> >
> > Recently, I was asked a question about a "Boson"
> > FW-1 Administrator exam. I have no idea what this
> > exam is, nor who sponsors it. However, if the
> > material quouted below is true, then this question
> > greatly disturbs me. I wanted to know if anyone
> > else has ran into this.
> >
> > --- snip snip ---
> >
> > I have always thought that it is necessary to harden the OS for the
> > firewall
> > server. However, I was doing the Boson Checkpoint FW-1 Administrator
> > practice exams when I came across this question:
> >
> > Question: Why is it unnecessary for Firewall-1 to harden the OS?
> >
> > Answer: Firewalls that do not analyze the packet until it gets to the
> > application layer need to protect themselves from the lower layer
> > attacks.
> > Firewall-1 protects itself by analyzing all the layers of the packet.
> > Therefore it is unncessary for the administrator to harden the OS for
> > Firewall-1 server.
> >
> > Is this true????
> >
> > --- snip snip ---
> >
> > This is absolutely NOT true. If an exam is making these assumptions,
> > then it shows that the author has a total lack of security knowledge.
> > No firewall is impervious to vulnerabilities, Bugtraq demonstrates this
> > again and again. Also, base OS armoring protects the firewall against
> > rulebase or administrative misconfigurations. I highly recommend OS
> > armoring for all firewalls, regardless of the vendor. Part of security
> > is reducing risk at all levels.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
