Hi,
I am new to this area of security, I am aware of how to integrate a proxy with Firewall-1 using UFP. My questions are 1. Is it better to place a proxy internal and let the clients contact it direct with it defined in the web browser of the clients, or using CVP. 2. I believe you can...
Hi,
I have two sites that are connected to corporate network, all clients are RFC 1918 compliant and not directly contactable by the internet, there is no on-site IT support, what is the best practice for remote management. I was considering setting up a management server in a private segment...
Hi,
Run a registry monitoring tool such as active registry monitor, deselect the binding then compare it with the original registry snapshot, then create two registry files say called bind and unbind. You can then execute these as needed.
I am unsure if the client originally had R54 installed before the upgrade, or this was a clean install. I have it in mind to remove all the CP packages via the Nokia Voyager interface, then upload, unpack and install Check Point R54 from my FTP Server. Hostname, bound to external IP facing...
Hi,
Any more please share their experience of the process and any quirks in downgrading from R55 to R54 on an IPSO box. The general process you find works and any issues to be aware of. Thanks
:)
I work for an IT Managed Provider, and many of our clients are government departments. You are right, the cost for all this is high. However, most companies use a firewall like Check Point which supports gateway AV scanning. You could use an open source IDS/IPS so no cost there. Interity...
The only traffic you should be seeing with a switch is broadcast traffic in that domain generated by the switch to determine which end devices have an associated IP and MAC not yet in the CAM table. Except when SPAN port enabled. My experience with ARP poisoning is it is usually directed at the...
Hi,
Session establishment is a three stage process for TCP.
Client A ----> SYN Client B
Client A <---- SYN/ACK Client B
Client A ----> ACK Client B
This is the session established. This process is required for all communications. Also, packet flags such as RST (Reset), and FIN...
Outlook doesn't have a View, Source option like you'll find in Outlook Express. It has View, Options which shows you the Internet header in a small text box. But it only includes the Internet header, not the full message source.
Using Outlook 2003 you can view the header and source together, if...
Hi,
My company is a Microsoft Gold Partner, this area interested me and I spoke with Microsoft regarding this. There is no real solution without using a third-party application, Windows XP SP2 does include a workaround but is still far too administratively intensive and would not be good for your...
Hi,
-----------------
- Best Practice -
-----------------
1. Invest in a gateway anti-virus solution, Check Point can integrate CVP Servers, which supports many best-of-breed anti-virus programs.
2. In relation to home and mobile users having compromised endpoints, using something like Zone...
Hi,
1. You should have the use of laptops prohibited in your organisational policies, this should have management buy-in, and have actions taken against users who break it.
2. This can be enforced by technology, port security using only authorised MAC address is the most obvious way...
Hi,
I agree with what you say regarding the enhanced functionality of Check Point. However, Check Point and other Cisco and non-security solutions offer NAT-T, which encapsulates the IPSEC traffic so it can traverse NAT devices with invalidating the packet, thus, the router would not need to...
Hi Chris,
Just a quick question, why do you prefer to perform NAT on the firewall and not the edge router? Is it because of functionality of CP? Thinking about it would it not place more load on the already resource intensive firewall, and does the platform really scale, Nokia is very...
Chris, If I don't NAT at the edge router. I assume I will have to assign the primary public IP to the router's external interface, then one of the public block's IP to router's internal interface and the firewall's external interface? Is this not wasteful of the router external and internal IP...