RE: [FW1] How do you prevent the Firewall operating system from being identified?
Disable everything you have under your policy properties; therefore you will have no implied rules available by default.
From that point you can control 100% of your firewall, based on source, destination and service, including your management traffic (256, 257, 258 and so on).
Simple as that.
Regards

If you have SecuRemote users, I believe the answer is you can't prevent
someone from finding out what OS the firewall is running on. You will
have to have 264/tcp and/or 256/tcp open to the world, unless you know the
specific IP addresses of your SecuRemote users. With those ports open to
the world, someone can fingerprint the OS using those open ports.
The security servers may pose the same issue.
-idenfw
>From: "Tim Holman"
>To: "Dave Ng Thiam Huat" , "Fernandes, Andy (ANDF)" ,
>Subject: Re: [FW1] How do you prevent the Firewall operating system from being identified?
>Date: Thu, 22 Mar 2001 12:22:07 -0000
>
>FW management modules & control connections are all INTERNAL, so an EXTERNAL
>port scan will not pick them up, as they won't be running on the external
>interface.
>It would be quite easy to fingerprint from the internal LAN, but then
>again, if you're on the internal LAN, you probably know you've a Checkpoint
>firewall anyway!
< Good stuff snipped >
> >
> > ----- Original Message -----
> > From: Fernandes, Andy (ANDF)
> > To:
> > Sent: 21 March 2001 20:40
> > Subject: [FW1] How do you prevent the Firewall operating system from being identified?
> >
> > > Hello all:
> > >
> > > I have been told that it is possible to identify a Checkpoint Firewall's
> > > operating system type, build and version type from the outside by examining
> > > banners and using various fingerprinting techniques. How can a Checkpoint
> > > firewall be protected against this vulnerability?
> > >
> > > Andy