Re: Firewall-1 Information leak

2001-07-25 Thread Grzegorz Mucha
Stephen JT Bourike wrote: > > Actually, since 4.1 SP-3 the use of Hybrid IKE mode has worked fairly well. > SP-4 fixes some of the outstanding problems and it is now possible to use > strongly-authenticated SecuRemote sessions with IKE encryption and key > exchange. Sure, but you can use Hybrid

RE: Firewall-1 Information leak

2001-07-24 Thread Stephen JT Bourike
:[EMAIL PROTECTED]] Sent: 24 July 2001 12:07 To: Hugo van der Kooij Cc: [EMAIL PROTECTED] Subject: RE: Firewall-1 Information leak On Mon, 23 Jul 2001, Hugo van der Kooij wrote: > > Why might anybody use FWZ (CheckPoint's proprietary encryption scheme), > > rather than IKE? It

RE: Firewall-1 Information leak

2001-07-24 Thread Mariusz Woloszyn
On Mon, 23 Jul 2001, Hugo van der Kooij wrote: > > Why might anybody use FWZ (CheckPoint's proprietary encryption scheme), > > rather than IKE? It's inherently less secure, as it can't use IPSec tunnel > > mode. As I see it, there's a general problem with using firewalls for > > encryption gatewa

RE: Firewall-1 Information leak

2001-07-23 Thread Hugo van der Kooij
On Fri, 20 Jul 2001, MALIN, ALEX (PB) wrote: > Why might anybody use FWZ (CheckPoint's proprietary encryption scheme), > rather than IKE? It's inherently less secure, as it can't use IPSec tunnel > mode. As I see it, there's a general problem with using firewalls for > encryption gateways. You do

RE: Firewall-1 Information leak

2001-07-23 Thread MALIN, ALEX (PB)
y. Alex Malin -Original Message- From: Bugtraq Account [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 19, 2001 3:02 PM To: Haroon Meer Cc: [EMAIL PROTECTED] Subject: Re: Firewall-1 Information leak On Wed, 18 Jul 2001, Haroon Meer wrote: > Checkpoint Firewall-1 makes use of a piece of

RE: Firewall-1 Information leak

2001-07-20 Thread David Sexton
IL PROTECTED]] > Sent: 19 July 2001 23:02 > To: Haroon Meer > Cc: [EMAIL PROTECTED] > Subject: Re: Firewall-1 Information leak > > On Wed, 18 Jul 2001, Haroon Meer wrote: [David Sexton] > This is a well-known, and generally accepted, risk associated with ru

Re: Firewall-1 Information leak

2001-07-19 Thread Bugtraq Account
On Wed, 18 Jul 2001, Haroon Meer wrote: > Checkpoint Firewall-1 makes use of a piece of software called SecureRemote > to create encrypted sessions between users and FW-1 modules. Before remote > users are able to communicate with internal hosts, a network topology of > the protected network is d

RE: Firewall-1 Information leak

2001-07-18 Thread Lars Troen
Haroon, The default setting in 4.1SP1 (CP2000) and later is *not* to respond to unauthenticated topology downloads. You must check the box in Policy Properties in order to activate it. Lars -Original Message- From: Haroon Meer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 03:2

Re: Firewall-1 Information leak

2001-07-18 Thread Christian Herb
Hi, That's not exactly right. You could restrict the topology download, so that only authenticated Users can download the topo. Just go under Policy Properties Desktop Security of your Policy Editor and uncheck "respond to unauthenticated topology requests". After installing the Policy only auth