Checkpoint FW-1 identification


Date: Fri, 16 Jul 1999 08:26:52 -0000
From: Tim Hirst <hirst@ROCKETMAIL.COM.>
To: [email protected]
Subject: Checkpoint FW-1 identification

Hi all,

This is not a bug but is instead a common procedural error.
If a remote attacker performs a port scan on a network and
finds a machine with ports 256, 257, and 258 open then it is
a sure bet that they are running a Checkpoint FW-1 firewall.
Since increased awareness about the brand and location of a
firewall can greatly help an attacker, providing this
information is a *bad* thing.

Solution: Don't give them the info. Don't allow any
connections to the firewall itself, except for the firewall
protocol, and only allow that from trusted sources. Of
course this means that your firewall should not be running
any other services, but that should be a given. Also make
sure that you disable the appropriate sections in the
*hidden* properties page. If you have a router then add an
ACL that disallows unauthorized systems from scanning or
even seeing these ports.



-- 
Tim Hirst                          <thirst@hiverworld.com.>
Audit Team Leader                http://www.hiverworld.com
Hiverworld, Inc.               Enterprise Network Security
Network Forensics, Intrusion Detection and Risk Management
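A defender-side check that follows from the post's advice, added here as an example and not part of Tim Hirst's message: parse firewall log lines, ignore sources inside a trusted management network, and flag any other source that touches ports 256, 257 or 258. A source that hits all three is reported as a fingerprint sweep; a source that was *accepted* on any of them is reported as a policy gap (the firewall protocol ports are reachable from somewhere they should not be). The log line format, the trusted network `10.0.0.0/24`, and all addresses below are constructed for the example.

```python
"""Flag untrusted sources reaching Check Point FW-1 ports 256/257/258.

Constructed example: the log format, trusted network and addresses are
assumptions, not taken from the original post or from any real product log.
"""
import ipaddress
import re
from collections import defaultdict

# The three ports the post names as the FW-1 giveaway.
FW1_PORTS = {256, 257, 258}

# Hypothetical trusted management network; the post says only trusted
# sources should ever reach the firewall protocol ports.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed syslog-style lines (not real FW-1 output).
SAMPLE_LOG = """\
Jul 16 08:20:01 fw1 kernel: src=10.0.0.5 dst=192.0.2.1 proto=tcp dport=256 action=accept
Jul 16 08:21:13 fw1 kernel: src=203.0.113.9 dst=192.0.2.1 proto=tcp dport=256 action=drop
Jul 16 08:21:14 fw1 kernel: src=203.0.113.9 dst=192.0.2.1 proto=tcp dport=257 action=drop
Jul 16 08:21:15 fw1 kernel: src=203.0.113.9 dst=192.0.2.1 proto=tcp dport=258 action=drop
Jul 16 08:22:40 fw1 kernel: src=198.51.100.7 dst=192.0.2.1 proto=tcp dport=258 action=accept
Jul 16 08:23:02 fw1 kernel: src=198.51.100.7 dst=192.0.2.1 proto=tcp dport=80 action=accept
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=\S+ dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


def parse_line(line):
    """Extract src, dst, dport and action from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "action": m["action"]}


def is_trusted(src):
    """True if the source address lies inside one of the trusted management networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def analyze(log_text):
    """Return one finding per untrusted source that touched any FW-1 port.

    fingerprint_sweep: the source hit all three ports (256, 257, 258).
    policy_gap: at least one of those connections was accepted, i.e. the
    firewall protocol ports are reachable from outside the trusted set.
    """
    hits = defaultdict(lambda: {"ports": set(), "accepted": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in FW1_PORTS:
            continue
        if is_trusted(rec["src"]):
            continue  # trusted management host: expected traffic
        entry = hits[rec["src"]]
        entry["ports"].add(rec["dport"])
        if rec["action"] == "accept":
            entry["accepted"] = True

    findings = []
    for src, entry in sorted(hits.items()):
        findings.append({
            "src": src,
            "ports": sorted(entry["ports"]),
            "fingerprint_sweep": entry["ports"] == FW1_PORTS,
            "policy_gap": entry["accepted"],
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the constructed log, `203.0.113.9` is reported as a fingerprint sweep (all three ports probed, all dropped, so the rule base is doing its job but the probe is still worth noticing), while `198.51.100.7` is reported as a policy gap: an untrusted source was accepted on port 258, which is exactly the exposure the post says to close with the firewall properties and a router ACL.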

