Re: Firewall-1 Security Advisory

From: David S. Goldberg (dsgat_private)
Date: Tue Oct 27 1998 - 05:35:43 PST

    >>>>> Paul Sears writes:
    > Instead of completely disabling these rules, I recommend the
    > "enabled" but process it "Last" and have appropriate rules to
    > authorize and log these services...
    
    If you have rules to authorize and log the services handled by the
    properties, then you might as well (in fact, I'd say you'd be better
    off to) disable them in the properties since the properties will never
    come into play, unless your rules are not all encompassing.  The
    exceptions to this are the handling of established session packets and
    ftp PORT handling (and maybe one or two others that I've forgotten),
    which is difficult, if not impossible, to handle in the ruleset.
    
    --
    Dave Goldberg
    Post: The Mitre Corporation\MS B305\202 Burlington Rd.\Bedford, MA 01730
    Phone: 781-271-3887
    Email: dsgat_private
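
Added example (not part of the original message, and not Check Point's code): a simplified first-match model of the point above, showing which properties processed "Last" still decide traffic when the explicit rules are not all-encompassing. The rule names, hosts and probe packets are constructed, and stateful handling (established sessions, ftp PORT) is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    service: str          # service label, or "any"
    dst: str              # destination label, or "any"
    action: str           # "accept" or "drop"
    log: bool = False

def matches(rule, pkt):
    service, dst = pkt
    return rule.service in ("any", service) and rule.dst in ("any", dst)

def decide(policy, pkt):
    """First matching rule wins; anything unmatched is dropped."""
    for rule in policy:
        if matches(rule, pkt):
            return rule
    return Rule("default-drop", "any", "any", "drop")

def live_properties(explicit, implied_last, probes):
    """Map each 'Last' property to the probes it ends up deciding."""
    policy = list(explicit) + list(implied_last)   # "Last": after all rules
    implied = {r.name for r in implied_last}
    hits = {}
    for pkt in probes:
        rule = decide(policy, pkt)
        if rule.name in implied:
            hits.setdefault(rule.name, []).append(pkt)
    return hits

# Constructed sample policy (hypothetical names, not from the original post).
EXPLICIT = [
    Rule("r1-dns", "dns", "dns-server", "accept", log=True),
    Rule("r2-icmp", "icmp", "any", "accept", log=True),
]
CLEANUP = Rule("r99-cleanup", "any", "any", "drop", log=True)
IMPLIED_LAST = [
    Rule("prop-icmp", "icmp", "any", "accept"),
    Rule("prop-dns", "dns", "any", "accept"),
    Rule("prop-rip", "rip", "any", "accept"),
]
PROBES = [("dns", "dns-server"), ("dns", "mail-host"),
          ("icmp", "mail-host"), ("rip", "router")]

if __name__ == "__main__":
    print(live_properties(EXPLICIT, IMPLIED_LAST, PROBES))
    print(live_properties(EXPLICIT + [CLEANUP], IMPLIED_LAST, PROBES))
```

Without the cleanup rule, the DNS and RIP properties accept the probes that the explicit rules missed, and do so unlogged; with it, no probe reaches a property.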
    


