At 09:43 AM 6/27/97 -0400, you wrote:
Thanks for taking the time to get this cleared up. Your mail from
Checkpoint is greatly appreciated. It was an intelligent mail and
deserves an intelligent response. It also raised some issues
(thankfully, more on the lines of firewalling technology than spy
stuff). FWIW, this will be my last mail on the Mossad issue.
>Forwarded response from Checkpoint concerning Mossad..
>>To: mht <mht @
>>Cc: deb <deb @
>>From: support <support @
>>Date: 27 Jun 97 14:24:35 ZET
>>Subject: TT0000011229 Re: Pulling out Checkpoint-1 firewalls
>>>>Why do I hear about companies pulling out Checkpoint-1 firewalls for
>>>>security reasons, or security expert recommendations to remove Checkpoint?
>> This the first we've heard about it. Granted, Firewall-1, by itself,
>>will not secure your network because you can misconfigure it, but that's
>>not a reason to pull it out and leave yourself completely exposed - it's
>>a reason to learn how to configure it properly.
>>>>I've heard some (unverified) concern about a possible Mossad/Checkpoint
>>>>connection, but is there something hard and specific that I'm missing,
>>>>besides the fact the firewall has filters but no proxies?
The filters but no proxies issue has nothing to do with it. The lack of
proxies is a technical area which I think should be addressed in another
>> The fact that Firewall-1 does not have proxies is because we don't
>>need them. Stateful inspection provides you with the same level of security,
>>but without having to go through a proxy, which has a high performance cost.
Interesting. I recently spoke to another Checkpoint employee who claimed
that the Firewall-1 does have proxies and that the proxies are there because
some customers required it. If it's not too much trouble, could you check
into this & send me an e-mail with the results?
>> As for our alleged connection with the Mossad, I can assure you we
>>don't have such a connection. However, that might not be enough for you,
>>because even if I were a Mossad agent I'd still reassure you I wasn't.
>> Instead, I'll appeal to your logic. Any Firewall you may buy was
>>written in a country with a security service, which could have written
>>a backdoor into it.
Thanks for the clarification. As mentioned earlier, I'm dropping this
>>Is there any reason why the Israely Mossad worries
>>you more than the US's NSA or any other equivalent agency?
Well, an employee of the CIA (Pollard?) was caught spying on behalf
of Israel only 2-3 years ago.
On a separate, but similar note, Checkpoint has been submitted for
evaluation to be used in an environment in which it may be connected
to classified networks. (This info is not classified, as it is on an
Internet web site).
Please don't be offended at this, but I'm uncomfortable with the
thought that a product from a nation which was caught spying on
the USA may potentially be connected to classified networks.
However, this is an issue for our gov't to deal with - not me,
and not this list.
>>worried that Israely law makes Checkpoint but a backdoor into the Firewall
>>in a way that US laws don't, I can assure you that is not the case,
>>although you wouldn't be able to verify me without an expensive legal
>>search, which you will obviously have to do yourself.
I didn't mention the backdoor & won't address it.
>> There is another matter, and that is that a major intelligence
>>agency, such as the Mossad or the N.S.A. probably has other ways to
>>get at your computers. For an analysis of this risk, please refer to
>>the PGP documentation, available at URL
Ori, Thanks for the pointer and more importantly, thanks for your
polite response to a sensitive subject. I appreciate your candor
and the time you put into writing your mail. Thanks again.
>> Ori Pomerantz
>> Support Engineer
PS - As far as I am concerned, the threads about the Mossad are dead.
If someone else wants to continue on with the thread, they will
do so without my help.
The opinions of the author of this mail may not necessarily be
representative of the opinions of Fortifed Networks, Inc.
Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800 Fax: (317) 573-0817