Mario Behring wrote: > Subject: Questions about fw-1 (...) > 1- FW-1 works with Statefull inspection technology, but is > there any way to > configure fw-1 to work both as packet filter and as application > proxy gateway, > just like a hybrid firewall software would do ?? You can do it but I don't recommend it.
> 2- FW-1 does not perform the OS hardening at installation time like IBM > SecureWay Firewall does, but does anybody know some CheckPoint > product or > module that perform this task before fw-1 installation ? Also, > is there any > CheckPoint tool that checks the OS for configuration problems ? no. You can search about Firewall-1 Appliance (Nokia IP). > 3- Do fw-1 (or CheckPoint) have an anti-tampering tool, i.e., a > tool that > prevents system files from being altered and verifies file > authenticity ? no I think the best thing a firewall must do is... firewall. Every software have its own scope and Firewall-1 is a good firewall product. It's good for enforcing bastions, natting, implementing security rules, ... Maybe you need a complete solution with something like tripwire, hardening OS and other but you can buy it from a system integrator or security company. As always "security is a process not a product". I don't work for CheckPoint and they don't pay me. Fabio Dema
