I just want to specify that if you use an adaptative firewall, you'll
have a firewall which runs like a proxy at the first time of the
connection(works on application layer) and if this level is allowed it
works on the network layer which is faster to control. Each step in
statefull inspection.
See www.attrition.org newbies section in security part.
But I would like to know if someone knows here the name of an adaptative
firewall.
If someone can give me web sites about voice on IP it will be great.
Thanks
Fredo La Malice
>I would assume that any firewall that was used in a U.S. government
high security situation was subject to source code inspection (under a
NDA) before it would be allowed in.
>
>Since FW-1 uses stateful packet inspection rather than application
proxies (mostly), it should be easier to examine. Unlike an application
proxy gateway, which requires verification at the service protocol layer
, statefull inspection only verifies that the TCP streams are
consistent.
>Validation for Common Criteria only means that the product meet the
standards that are assigned to that product.
> A stateful inspection firewall does not claim to prevent invalid HTTP
, so it can meet the standard without inspecting HTTP.
> AN application proxy claims to validate HTTP so it has a higher
standard to meet to achieve certification.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Nguyen_Trang
>Sent: Thursday, November 30, 2000 12:53
>To: '[EMAIL PROTECTED]'
>Subject: Dod & CheckPoint backdoor
>
>
>All:
>
>I have been reading and collecting responses to my
>original post regarding DoD and CheckPoint with keen
>interest. After the thread remisses, I will see if
>I can compile a summary.
>
>Meanwhile, I received this email. In posting it, I
>hope that it will quelch the backdoor issue or open
>another can of worm.
>
>Trang
>
>-----Original Message-----
>From: Robert Deitz [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, November 28, 2000 6:04 PM
>To: Nguyen Trang
>Cc: Jeff Deitz
>Subject: DoD Firewall Policy
>
>
>Nguyen,
>I was forwarded your e-mail requesting information on Check Point
Firewalls
>and DoD. We are very familiar with this issue - we have been working
with
>the NSA, Army, OSD and Check Point on this for about 2 years. While it
is
>true the the Army some time ago sent out a memo requiring all Check
Point
>Firewalls to be uninstalled because of a "supposed back door" found by
NSA
>that is actually past history. I think you are aware of the NIAP
>certification program and web page. This is sponsored by NSA/NIST and
is the
>only official standard for DoD/Federal certifications. This has put the
DoD
>into a precarious situation as the Army's main Firewall - Gauntlet, the
Air
>Force's main Firewall - Sidewinder, and the Navy's main Firewall -
Raptor
>(they have a bigger mix than other Departments however) all are not
approved
>by NIAP. Thus, NSA's suggestion (a Federal Requirement via Executive
order
>effective Jan, 2002) for secure and tested products is not being
followed by
>the DoD. The web page has been up since Oct of 1999 so it has been over
a
>year that these products and what was certified has been public. This
would
>tend to indicate that DoD is not following it's own guidelines thus any
>previous mandate to remove a particular product would not seem to have
>carried any DoD wide mandate.
>If I can answer any other questions please feel free to contact me.
>Robert Deitz
>Government Technology Solutions
>530-621-1163
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
