Re: [Full-Disclosure] PIX vs CheckPoint

Subject: Re: [Full-Disclosure] PIX vs CheckPoint
Date: Tue, 29 Jun 2004 18:27:38 -0700 (PDT)
On Tue, June 29, 2004 4:57 pm, Gary E. Miller said:
> I agree, except for one small problem.  Don't you still have to delete
> ALL the filter rules, and reenter them ALL to change the order of the
> rules?

I don't administer the PIX boxes, so I don't know the details of the
interface. My statements were based on what the admins told me. However,
isn't the beauty of any CLI app that you can do all your administration
through simple scripts?

Personally, I use iptables firewalls. With iptables, my "config" file is
really the script that loads the rules. When I make a change to the rules,
it is to add/alter/remove a line from that script. The script is executed
on boot and after any changes. I would assume the same is standard
practice for PIX.

The other benefit of a scripted config is you can test it on another
machine, and once you're sure you've got it right, you can copy the script
over to the production machine. Reduces errors.

You're not entering rules by hand into a production firewall, are you?
:shock:

-Eric
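The scripted-config workflow Eric describes, as an added example that is not part of the original thread: the firewall "config" is the script itself, which emits a complete ruleset in iptables-restore format so the whole table is replaced atomically, can be syntax-checked with `iptables-restore --test` on a staging machine, and is then copied to production. The interface name and the port list are assumed values for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. The script is the config:
# re-run it after every change and on boot. iptables-restore replaces the
# filter table in one step, so there is no window with half-loaded rules.
set -eu

WAN_IF="${WAN_IF:-eth0}"   # assumed interface name

# Emit the ruleset. Default-deny on INPUT and FORWARD, allow loopback and
# established traffic, then one ACCEPT per TCP port passed as an argument.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    for port in "$@"; do
        printf -- '-A INPUT -i %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$WAN_IF" "$port"
    done
    cat <<EOF
-A INPUT -j LOG --log-prefix "fw-drop: " --log-level 4
COMMIT
EOF
}

# Number of rule lines in the generated ruleset (sanity check before loading).
count_rules() {
    build_ruleset "$@" | grep -c '^-A '
}

# Parse-only check, makes no changes; run this on the test box first.
check_ruleset() {
    build_ruleset "$@" | iptables-restore --test
}

# Atomic load on the production box (needs root and iptables).
apply_ruleset() {
    build_ruleset "$@" | iptables-restore
}

case "${1:-}" in
    print) shift; build_ruleset "$@" ;;
    check) shift; check_ruleset "$@" ;;
    apply) shift; apply_ruleset "$@" ;;
esac
```

Run `./fw.sh check 22 443` on the staging machine, then `./fw.sh apply 22 443` on production; `print` shows the ruleset that would be loaded.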

