
Author Topic: For starters...  (Read 11205 times)


zerored

  • Guest
For starters...
« on: February 22, 2002, 05:31:20 PM »
Sup all. For starters, what do the experienced ones think of the Checkpoint-1 firewall hardware/software? I've heard a lot about it, but don't have any exp with it and wanted to begin a study in it... and, for those of you who are in the new, Building Internet Firewalls was the best first-step book I've read... come to think of it, I still haven't finished it...

Offline Metgod

  • the deranged hacker
  • Administrator
  • Forum Hero
  • *****
  • Posts: 1116
  • Country:
  • Gender: Male
Re:For starters...
« Reply #1 on: February 22, 2002, 05:55:40 PM »
blah. Haven't read about it.
Some thoughts though...

What sort of structure does it have ? Hardware, software, both ?
What kind of firewall ? How does it work ?

Basically when you are considering a firewall you have to match YOUR criteria.
So if you want SPI (stateful packet inspection -- YAY !!!) then get one with it.
Even routers will have SPI.

But anyways, the point is, get what you need. Stay away from McAfee, Black ICE, and
other crappy software firewalls. A firewall is designed to protect an internal network
(internet -- not THE Internet [notice cases of 'i']) connected to the Internet. So if you have
216.101.221.90 (outside your internet) trying to connect to your internet it is designed to deny
the connection, filter the packets or what not. Blah, enough blabbering. I've said
enough and I'm too tired to really think. Basically if it has features that you like,
go for it. Remember -- that's what it's about -- reading, learning, experimenting
about everything, especially things that interest you...

- Metty
"My Terminal is my Soul"
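
Added example, not written by any poster in this thread: a toy model of the stateful packet inspection (SPI) mentioned in the reply above, showing why an inbound packet is passed only when it matches a connection an inside host opened. The internal prefix 192.168.1.x and the server 203.0.113.5 are constructed; 216.101.221.90 is the outside address used in the post.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."  # assumed internal network, constructed for this example


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST


class StatefulFilter:
    """Toy SPI model: only inside hosts may open connections."""

    def __init__(self):
        # One entry per tracked flow: (inside_ip, inside_port, outside_ip, outside_port)
        self.states = set()

    def check(self, p: Packet) -> str:
        outbound = p.src.startswith(INSIDE_PREFIX)
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        if outbound and p.flags == "S":
            self.states.add(key)  # inside host starts a connection: remember it
            return "allow"
        if key not in self.states or p.flags == "S":
            return "deny"  # no matching flow, or an unsolicited inbound SYN
        if "R" in p.flags:
            self.states.discard(key)  # a reset tears the flow down
        return "allow"


def run_demo():
    fw = StatefulFilter()
    packets = [  # constructed traffic, in arrival order
        Packet("192.168.1.10", 40000, "203.0.113.5", 80, "S"),    # inside opens a web connection
        Packet("203.0.113.5", 80, "192.168.1.10", 40000, "SA"),   # server's reply to that flow
        Packet("216.101.221.90", 1025, "192.168.1.10", 139, "S"), # outside host tries to connect in
        Packet("216.101.221.90", 80, "192.168.1.10", 40000, "A"), # ACK "from port 80" with no flow
        Packet("203.0.113.5", 80, "192.168.1.10", 40000, "R"),    # server resets the tracked flow
        Packet("203.0.113.5", 80, "192.168.1.10", 40000, "A"),    # late packet after teardown
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```

The fourth packet is the case that separates SPI from a stateless rule such as "allow anything arriving from port 80": it has the right source port but belongs to no tracked connection, so it is dropped.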

Offline Uneek

  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 306
  • Country:
  • Gender: Male
    • HFX International Org.
Re:For starters...
« Reply #2 on: February 25, 2002, 01:30:43 PM »
Slight correction, and I think Metty just happened to have a brain fart or typo like I always do... when he says connect to your internet, I believe he meant your intranet...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

Offline Metgod

Re:For starters...
« Reply #3 on: February 25, 2002, 11:33:20 PM »
actually

intranet is usually private yes, BUT... an internet (lowercase 'i') can also be private.
It's simply a network of networks and why couldn't it be private. Maybe it'd be more appropriate to say intranet,
but I believe I said *looks back* internal internet -- which would make sense (then again,
they could have two internets -- one private, one not [let's call one an intranet and one
an internet respectively]).... Hrmm.. could get very complicated
and interesting, wouldn't you say Neekster ?

Yes yes, I like this topic. This could be quite interesting...


- Metty
"My Terminal is my Soul"

Offline Metgod

Re:For starters...
« Reply #4 on: February 25, 2002, 11:37:33 PM »
hehe
the debate of the term 'internet' and 'intranet'

haha
"My Terminal is my Soul"

Offline Uneek

Re:For starters...
« Reply #5 on: March 01, 2002, 12:36:42 PM »
Hehehe... well, in this industry, terms are like assholes... everyone has one.... er... well, you get the idea! What one person calls something someone else calls something else, so I'm sure we're both right. blah... just like VPN. Ask 5 different Network Admins, and they'll each give you a different definition of it. Anyhoo, I think I'm too tired to make any sense right now... **needs some serious caffeine**

BRB... gonna go get me a mocha freeze...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

Offline wilnix

  • mv user /dev/null
  • Administrator
  • Forum Hero
  • *****
  • Posts: 690
  • Country:
  • Gender: Male
  • You're not the fastest packet in the subnet...
    • Wilnix - The NetAdmin's Resource
Re:For starters...
« Reply #6 on: March 04, 2002, 02:06:24 PM »
 8) I use Checkpoint FW1 on a Nokia IP330 with IPSO (a broken down version of FreeBSD). I find it to be very helpful and very secure (configuration helps). I am also working on getting MCNS (Cisco Network Security) Certified and although PIX has come a long way, I will continue to use the Nokia / CPFW combination.

Hope that helps...

Wilnix
alt email address: wilnix@hackphreak.org

Zerored

  • Guest
Re:For starters...
« Reply #7 on: March 24, 2002, 05:19:42 PM »
Aaight. Well, let's start from scratch. Yeah, I've heard about Black ICE def. and ZoneAlarm etc. But does anybody have any linkage (so to research) as to (or just know) why they're so terrible? I've researched them myself (went to their site, which, I know, is biased) and also searched for problems of those software-based fwallz, but didn't find much as to why they're horrible at securing what they secure.

Offline wilnix

Re:For starters...
« Reply #8 on: April 03, 2002, 05:28:35 PM »
The problem I see with ANY software firewall is the fact that it is not PHYSICALLY controlling what makes it to your computer. The filtering is happening on the system you are using, don't you think that is kinda late? I can't say I don't use them anyways though. I use Norton's Personal Firewall on my system to keep the help desk from trying to grow a brain in the area of hacking. But, as far as using it as a complete solution...NO. A hardware firewall, software speaking, is free using FreeBSD's ipfw or Mandrake's Firewall Edition OS. Check them out. I use CPFW-1 right now and I personally like it, but the future shows that you can't beat a Cisco PIX. I will go that route from here on out.

Wilnix
alt email address: wilnix@hackphreak.org

Offline Metgod

Re:For starters...
« Reply #9 on: April 03, 2002, 11:29:19 PM »
very good point, Maddy...

also, think about this:

hardware is harder to exploit than software....
look at it this way:

AV companies are fighting those evil *grin* virus writers, yet virus writers keep finding flaws
in the system, for viruses and worms, trojan horses, etc...

Windows (uh oh...) has so many holes and flaws it is incredible. It is software, period.
Other OS's have problems too, but not as many.

I could continue, but there is no reason to. The point is, software is probably more vulnerable
to exploits than hardware. One thing is Ring 3 vs Ring 0 in pmode (protected mode). That
alone shows that software has flaws. Sure, everything will have flaws (designed for a common cause
or need, but exploited as opposed to holes which are completely a mistake).

There are a lot of points, probably too many to even think about... so I think I'm done.

Oh well, Will is right, and so am I *grin*.

"My Terminal is my Soul"

Offline Metgod

Re:For starters...
« Reply #10 on: April 03, 2002, 11:34:10 PM »
btw -- best firewall:

no Internet access.
heheheh

ok, ok, seriously... best firewall system:

software + hardware

keep that in mind Zero...
"My Terminal is my Soul"

Offline wilnix

Re:For starters...
« Reply #11 on: April 05, 2002, 12:59:24 AM »
Just get the cheapest box you can find and run straight fbsd + ipfw....

Life will be good.

Wilnix
alt email address: wilnix@hackphreak.org

Zerored

  • Guest
Re:For starters...
« Reply #12 on: April 08, 2002, 03:59:56 PM »
Hmmm. Got it...

Offline wilnix

Re:For starters...
« Reply #13 on: April 16, 2002, 12:05:00 PM »
Someday when you feel brave enough, try OpenBSD too.

Wilnix
alt email address: wilnix@hackphreak.org