January 05, 1998
Issue: 770
Section: News
Charlotte Dunlap
Redwood City, Calif. -- High-flying firewall leader Check Point Software Technologies Inc. denied reports its technology could invite unauthorized access into a corporate firewall.
Late last month, an advisory was issued by security company Secure Networks Inc., stating that the Check Point Firewall-1 product allows unauthorized users to access the SNMP daemon running on the firewall.
Check Point, based here, countered that its firewall has never left any of its customers' enterprise networks vulnerable. However, the company did change a default setting and, according to its resellers, instructed them to do the same in order to tighten access control after hearing from Secure Networks.
"The fundamental issue important to our customers is, 'Are there vulnerabilities in our firewall?' " said Check Point Chief Executive Deborah Triant. "Without any changes made in the configuration of SNMP [access], there never was a vulnerability in the way it was configured [by Check Point]."
Triant said the default setting was changed "not to plug a hole, but because people made an issue about it."
In a statement on its Web site, Secure Networks, based in Calgary, Alberta, said the way Firewall-1 is configured "allows outsiders to obtain internal and confidential information about the installation and operation of the firewall and the network which it protects, without being traced."
Check Point said the alert was misleading. "They sent us a copy [of the alert] a month before, but we just considered it such a non-issue and didn't know these guys, so we didn't respond to it," Triant said.
Secure Networks officials deny Triant's assertion. Arthur Wong, chief executive officer of Secure Networks, said Check Point does know who Secure Networks is and is in "spin control."
Wong said Check Point was notified of the problem two months before it was posted. "They agreed it was a problem and said they would put out a patch," Wong said.
He said once the advisory was issued, it sparked more controversy than Check Point had anticipated. "They told us to retract the advisory. We said no," he added.
"The problem was in SNMP and the fact that their firewall in particular gives away large amounts of what should be private data to outside users. In and of itself, it wouldn't result in a direct break-in, but it could give information on the firewall configuration, traffic, statistics," he explained.
Another VAR said: "We heard from Check Point and had to go into overtime to get all our firewalls patched. It's a big problem. It's an arms race between the hacker community and the firewall community."
Observers in the security community agreed that the default configuration setting within Firewall-1 could allow outside users to obtain certain internal and confidential information about the installation and operation of the firewall and the network it protects. This information could allegedly allow the intruder to breach the enterprise network.
Security officials said the problem is not solely related to Check Point's product but is a reflection of a larger problem within the industry -- that the SNMP protocol was not designed for WANs and, therefore, can be prone to security vulnerabilities.
"Most infrastructure devices use SNMP to talk to each other," said Chris Klaus, founder and chief technology officer, Internet Security Systems, Atlanta. "Many times, SNMP is misconfigured security-wise and has very weak security, if any. SNMP affects many firewalls, routers -- which is the glue that holds most networks together -- servers, etc. It is a big target for many hackers."
Copyright (c) 1998 CMP Media Inc.