Re: Firewall-1 3.0b Session Agent

From: Brooke Paul (brookeat_private)
Date: Fri Sep 25 1998 - 12:40:33 PDT

Next message: Amos Hayes: "Re: tar "features""

Previous message: der Mouse: "Re: tar "features""
Maybe in reply to: Larry Pingree: "Firewall-1 3.0b Session Agent"
Next in thread: Andrew Danforth: "Re: Firewall-1 3.0b Session Agent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Larry Pingree [SMTP:larryp@secure-it.net]
>
> A problem exists in the Firewall-1 3.0b Session Agent
>
> All communications from the Firewall-1 Module to the session agent are
> non-encrypted. Thus also allowing these communication to be snooped for
> usernames and passwords.

  I think it's worth noting that Checkpoint states that the included
Session Agent is a 'demo' and not officially supported.  The real problem
is the protocol they have defined.  Even if you attempt to write a secure
version it wouldn't interoperate with the firewall.

        Brooke

Next message: Amos Hayes: "Re: tar "features""
Previous message: der Mouse: "Re: tar "features""
Maybe in reply to: Larry Pingree: "Firewall-1 3.0b Session Agent"
Next in thread: Andrew Danforth: "Re: Firewall-1 3.0b Session Agent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:43 PDT