-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon,

The following ports are used by Firewall-1. I believe that all of these ports should remain open, unless one thinks that it would provide a means of breaching security.

* TCP 259 is used for Client Authentication; the UDP port of 259 is used as encryption to manage an encrypted session.
* TCP 258 is used for the Firewall administration GUI via remote administration, aka FWpolicy Remote GUI.
* TCP 257 is used for the Remote Firewall program (module?) to send logs to a Manager console.
* Port 256 is used too for encryption, that of CS & DH key exchange in the FWZ encryption. Some say this is also used by SecuRemote. I have no recollection of this, but someone out in the audience might be able to help you there.
* UDP 161 & 260 are used by Firewall-1's SNMP Daemon.

Once again, if your job/ability is useful for remotely administering the firewall, then I would keep all of these active. I believe that Checkpoint wants these ports open at all times. But once again, a speculation.

One last thing: if you do use remote administration of your firewall, be smart and use a randomly generated, or really bloomin' hard to guess, password with random #'s and characters. There are crackers out there that can rip through weak passwords like a knife through butter.

Jayson Broughton
HQ-All Bases Covered Network & Security Admin.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOITBEKe75Wq9veF/EQLi0gCg199VWfkcTxuiSg1YnAM7CLubbrEAnAvG
cTj7xEy3MyeYu0rJ7Vueoa/V
=88ED
-----END PGP SIGNATURE-----

Simon Elliot wrote:
> Hi
>
> I was interested in a previous message you received
> regarding TCP ports 256,257,258 on Firewall 1.
> What security implication can arise from these ports being open?
>
> Thanks for your time
> Any help will be gratefully received.
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
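An added example, not part of the original message: a small audit that takes socket-listing output from the firewall host and reports which of the ports listed above are bound to every interface rather than only to a management address. The `ss -tuln`-style input format, the management address 10.0.0.1 and the sample lines are assumptions constructed for illustration; the port roles are taken from the post, with port 256 treated as TCP as in the quoted question.

```python
# Port roles as described in the post (added example; not vendor documentation).
FW1_PORTS = {
    ("tcp", 256): "FWZ encryption key exchange",
    ("tcp", 257): "remote module sending logs to manager console",
    ("tcp", 258): "FWpolicy remote administration GUI",
    ("tcp", 259): "Client Authentication",
    ("udp", 259): "encrypted session management",
    ("udp", 161): "SNMP daemon",
    ("udp", 260): "SNMP daemon",
}
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

def parse_listener(line):
    """Return (proto, local_addr, port) from one `ss -tuln`-style row, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
        return None  # header row or unrelated line
    addr, _, port = fields[4].rpartition(":")
    return (fields[0], addr, int(port)) if port.isdigit() else None

def audit(ss_lines, mgmt_addrs):
    """List the post's ports that are listening, with the scope of each binding."""
    findings = []
    for parsed in filter(None, map(parse_listener, ss_lines)):
        proto, addr, port = parsed
        role = FW1_PORTS.get((proto, port))
        if role is None:
            continue  # not one of the ports named in the post
        if addr in WILDCARDS:
            scope = "all-interfaces"
        elif addr in mgmt_addrs:
            scope = "management-only"
        else:
            scope = "other-interface"
        findings.append((proto, port, addr, scope, role))
    return findings

# Constructed sample input; addresses are documentation/private ranges.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:256        0.0.0.0:*
tcp   LISTEN 0      128    10.0.0.1:257       0.0.0.0:*
tcp   LISTEN 0      128    10.0.0.1:258       0.0.0.0:*
tcp   LISTEN 0      128    192.0.2.10:259     0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:259        0.0.0.0:*
udp   UNCONN 0      0      10.0.0.1:161       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
""".splitlines()

if __name__ == "__main__":
    for proto, port, addr, scope, role in audit(SAMPLE, {"10.0.0.1"}):
        print(f"{proto}/{port:<4} {addr:<12} {scope:<16} {role}")
```

Rows reported as `all-interfaces` or `other-interface` are the ones to compare against the rulebase and the list of hosts that actually need remote administration.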
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:19 PDT