Date: Sun, 08 Oct 2000 00:15:26 -0600 From: Wes Peters <wes@softweyr.com> To: Gregory Sutter <gsutter@zer0.org> Cc: Craig Cowen <craig@allmaui.com>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Check Point FW-1 Message-ID: <39E010FE.8CAA2CB1@softweyr.com> References: <39DEBB51.E51BACFB@allmaui.com> <20001006230628.L23587@klapaucius.zer0.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Gregory Sutter wrote: > > On 2000-10-06 22:57 -0700, Craig Cowen <craig@allmaui.com> wrote: > > The big cheeses at work want to use check point instead of ipf or any > > other open source solution. > > Can anybody help me with vunerabilities to this so that I can change > > thier minds? > > Go search the Bugtraq archives at http://www.securityfocus.com/ for > lots of Checkpoint fun. FW-1 sucks. Mumble mumble NDA mumble mumble can't say any more mumble mumble mumble. "Oh God, and I thought these smelled bad on the outside." There are several commercial firewall products based on FreeBSD (or, shudder, Linux) that are better tools in the hands of someone who will take them to educate themselves. A BSD box running ipfilter or ipfw is very straight- forward to secure, and offers reasonably easy tools for remote configuration like ssh. Others have mentioned a couple of commercial alternatives; add NetMax and GnatBox (right?) to this list. Also, be sure to get a copy of my paper for BSDCon explaining why my company decided to use BSD and ipfilter to build the firewall of the future on. (Sorry, it's not a corporate firewall and is not suited for your use.) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39E010FE.8CAA2CB1>