Barry J. Stiefel
2005-08-13, 15:07
How Secure is communication between the modules?

In the NG release of FireWall-1, SSL with certificates is used between all components, including the management GUIs.

In earlier releases, it is as follows:

Prior to 4.1 SP2: fwa1 (supposedly 192-bit) between modules if an encryption license is present, otherwise authenticated with S/Key
4.1 SP2 and future versions of 4.1: fwa1 (192-bit)

Note that I do not recommend using your VPN rules to allow management traffic between the firewall and management console. You could very easily get yourself into a bind where the VPN breaks and have a hell of a time getting things working again because your security policy only permits policy loads through the VPN rules.

-- GuyR (http://www.phoneboy.com/bin/view.pl/Main/GuyR) - 09 Jan 2004

2005-08-15, 14:19
Does this mean SSL runs over the top of all management TCP/UDP ports? Is every communication encrypted, including fetching logs, syncing to the secondary MM, SNMP, etc.? There is a long list of ports at the following URL.

When you say SSL between all components, including the GUI, does the encryption differ? SSLCa vs. SSLCA ASYM? What are the differences between SSLCa and SSLCA ASYM? Is it perhaps symmetric 168 DES vs. asymmetric 1024?

Do you know of a decent paper on this subject?