Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot". Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose FireWall-1 software, according to the firm, is installed at every Fortune 100 …
Back when I first installed FW/1, I was puzzled to find that they wanted the external IP address of the device before they would send the licence key (I assumed that the key would be hashed to that address in some way). No entirely happy with that, I stuck mine behind a NAT device so that the external address I gave them was drawn from RFC 1918,
This post has been deleted by its author
"Back when I first installed FW/1, I was puzzled to find that they wanted the external IP address of the device before they would send the licence key (I assumed that the key would be hashed to that address in some way). No entirely happy with that, I stuck mine behind a NAT device so that the external address I gave them was drawn from RFC 1918"
Um.... not sure where you're going with this? The Check Point license is tied to an ip address on the device (doesn't need to be the external, but often is), but what is it you think will happen if you "give" Check Point your ip address exactly? They'll know where you are?
If you're genuinely concerned about that, can I just point out that you're worrying about giving your ip address to a company you trust enough to install their software and use it as a firewall. If they're keen to do something to you, then given they write the software you're using, I don't think you not telling them your public IP is going to achieve anything except calm your paranioa
In the early 90's I worked for a large company that had an Internet connection because some people in the Research Division leased time from a Super Computer for some molecular modeling.
One day I was working with a user who was installing a new client application that my group would have to support. I noticed that as she was entering the parameters in the setup program she specified a port number of 1433. After the application was set up, I high-tailed it to my managers office, and told him that they were running a server on a port that was above the range of "well-known" ports up to 1024, that I knew were blocked from outside access. After a brief panic, plans were put in place to put a real firewall in place, so that, a few days later when worried queries about Sales people being able to access this internal database from their CompuServe accounts came up, we were able to say with a straight face that we already had a plan in place to deal with it!
I knew about the blocked ports because I'd recently run a Gopher server in my user account on our VAX, and because I was only an ordinary user, I'd had to specify a high port for the Gopher process to use. I had shared this Gopher server address with a user at an academic institution and they were able to access it - my manager was OK with that, but the sales database was a different matter altogether!
I've been using Checkpoint software for 15 years and my memory is obviously better than Check Point's;
http://tools.cisco.com/security/center/viewAlert.x?alertId=2409
Unless their definition of a breach doesn't include their software being bypassed;
"I like it, so why should I do something else? The chances of founding another firm that's as interesting and successful aren't high," Shwed said
That's funny because starting another company is exactly what one of his former business partners did. PaloAlto has been taking market share from Checkpoint rather fast for being so new. Their product is very compelling and as a long time FW-1 user (16 years), I'm giving it serious consideration as a replacement.
That doesn't make any sense. You think he should quit Check Point to set up a rival firewall vendor to take market share away from Check Point? That will become more successful than Check Point (Palo Alto currently aren't)
Fair enough someone else doing it, but he was discussing what options HE has, and that doesn't really sound like one.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
