Although I haven't played with it yet, I understand that using SSL gets
rid of all the problems associated with the famous "putkey"
command.....  Definitely worth looking into, IMHO.

Jason

Rob Cryan wrote:
> 
> I am not as informed as I have not read the TUV report... :-)
> 
> I don't know the merits of SSL vs. FWA1
> 
> The default encryption can be changed and even eliminated, but it is a safe
> bet to go with FWA1
> 
> Rob Cryan
> Solutions Integration Manager
> infinitespace.com
> Two Westborough Business Park
> Westborough, MA 01581
> Office: 508.870.4714
> 
>         -----Original Message-----
>         From:   [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
>         Sent:   Thursday, August 10, 2000 1:55 PM
>         To:     [EMAIL PROTECTED]; Rob Cryan; [EMAIL PROTECTED]
>         Subject:        Re: [FW1] Management link between firewall modules
> 
>         Guys,
> 
>              Thanks.
>         So let me recap.
> 
>         1).  The default authentication/encryption methodology between the mgmt console
>         and firewall modules is FWa1.
> 
>         2).  As of today FWa1 authentication/encryption is secure (has not been cracked
>         YET!!!) and is the best method to use.
> 
>         3).  You can change the default authentication/encryption methodology but you
>         should stick with FWa1.
> 
>         In the TUV report (I just read it), they were able to break FWn1 and s/key.
>         At the Check Point site, it mentions SSL being available in version 4.1 SP2 as
>         an option for inter-module communication.  Is there a reason
>         not to use SSL instead of FWa1?
> 
>         Would you happen to know what strength is FWa1?
>         Also how do you interpret that file?
> 
>         Thanks
> 
>         AC
>

