A more accurate understanding of the IDS, network traffic; both current and anticipated and policy design would prevent this useful feature from causing the denial of service described. Personally I would recommend this option only once you have a detailed understanding of the IDS's signature verification capabilities.
I have configured many RealSecure deployments with this feature which when used correctly can be extremely useful especially when blocking backdoors for instance but of course, if you have a limited understanding of the behavioural characteristics of the deployed IDS solution then false positive events will trigger the type of response that has been described. My $.02 Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Taylor Sent: 19 February 2003 10:07 To: as dsf; [EMAIL PROTECTED] Subject: RE: [ISSForum] Checkpoint Firewall Reconfiguration by RealSecure (More than 1 Fw Policy file) I wouldn't even do it if I were you!!!!!!! Letting a machine configure your Firewall??? Tried it once ---- never again after so many denials of service from doing it!!! JT John Taylor | Director Security Products | Tolerant Systems Ltd | 01782 865026 | 07730 989255 This electronic message contains information from Tolerant Systems, which may be privileged or confidential. The information is intended for use only by the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic message in error, please notify me by telephone or email (to the number or email address above) immediately. -----Original Message----- From: as dsf [mailto:[EMAIL PROTECTED]] Sent: Monday, February 17, 2003 9:53 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Checkpoint Firewall Reconfiguration by RealSecure (More than 1 Fw Policy file) We are currently testing ISS RealSecure solution which includes: - SiteProtector 1.2 + Network Sensors + Server Sensors - Checkpoint Management Console administering 3 Checkpoint firewall-1 with a different policy file for each one. Question: Since I am about to use the firewall reconfiguration by RealSecure IDS feature , i need to know if i should pack my 3 different policy files in just a unique one in order this feature of firewall reconfiguration actually works. Thanks __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo -- ------------------------------------------------------------------------ ---- -------------- This message has been inspected by DynaComm i:mail 3.0 http://www.tolerant.com/products/product1.asp?product_ID=27&ProductType_ ID=2 ------------------------------------------------------------------------ ---- -------------- -- ------------------------------------------------------------------------ ------------------ This message has been inspected by DynaComm i:mail 3.0 http://www.tolerant.com/products/product1.asp?product_ID=27&ProductType_ ID=2 ------------------------------------------------------------------------ ------------------ _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
