
[FW1] Inter-module communication security




Suppose I have Firewall-1 installed on three systems: firewall module,
management module, and GUI client. (Let's make them all Windows NT for
simplicity, though I suppose the answers will generalise to all platforms.)

How strong is the security between modules, in terms of (a) others on the
internal network spoofing themselves as another management module or GUI
client, and (b) others on the internal network sniffing traffic between the
GUI and mgmt, and mgmt and firewall modules?

The module keys and usernames provide a level of security, but is it on the
level of HTTP basic authentication (essentially clear text over the
network), Kerberos, or something else?

If I don't really care that someone can sniff the rulebase as it passes
between the modules (perhaps I publish my security policy anyway), am I
opening myself up to anything?

Is there anything worrying enough for me to pass inter-module traffic
through a VPN, or can I just use the modules as they are?

PJDM
----
Peter Mayne, Compaq Computer Australia, Canberra, ACT
These are my opinions, and have nothing to do with Compaq.
A room without books is like a body without a soul. - Cicero


