Network Security Firewalls

Re: ISA2K4 or CheckPoint FW-1

Subject: Re: ISA2K4 or CheckPoint FW-1
Date: Sun, 13 Feb 2005 12:12:43 -0500

On Feb 7, 2005, at 3:37 AM, Zlateanu, Dragos Alexandru wrote:

Can any of the software firewalls open a port dynamically based on app. request and shut it down when session is closed?

Not that I know of, and for good reason. This sort of setup, i.e. UPnP, is horribly insecure. All an attacker would have to do to bypass your defenses is send a request for connectivity (UPnP style) over some crazy port range and they would get it. This is basically telling your firewall to become a router for anyone who asks, and it's *not* a good idea.


My suggestion is that you migrate to a more secure way to do IM. I'm not up to speed on all of them, but I'm sure there are some that don't have such absurd requirements as these. Take a look at Skype and Jabber, for starters.

Regards,

-Daniel Miessler
