some comparison between checkpoint and Palo Alto - Page 2

paul200310 · ‎12-16-2017

I see some comparison between checkpoint and Palo Alto. I just share some difference.

Checkpoint coded top of Linux kernel. **Palo Alto coded on top of free BSD similar to Juniper firewall.
Checkpoint called unified blade. **In Palo alto similarly provide same feature with different license.
Checkpoint we called URL filtering blade. **In Palo Alto we see bride cloud for URL filtering.
Checkpoint IPS called IPS blade. **In Palo Alto we call it Wildfire.
Checkpoint called Identity awrenes. **In Palo Alto User ID.
Checkpoint called say serial processing. **In Palo Alto it is parallel processing.

Ultimately while we see data britches we should go by history and debates come through and see similar code being manipulated in different firewall in different name.

Checkpoint and Palo Alto both work on tasteful firewall technology finally who is most popular. Are we not thinking that reverse engineering still alive and codes are still siphoned off one same technology to other same type of technology.

History says that someone coded NetScreen OS and same code being merged with Juniper but who wrote NetScreen he itself form a company called Fortinet.

If you go via bit by bit see Symantec file multiple law suit against Zscaler, Inc.

You may thing that why I am explaining all this bogus topic!!!!..

Are Firewall coding enough Secure no one can run espionage tool and collect core of it's coding.

Just to give an heads up to all folks.

Cyber

paul200310 · ‎12-17-2017

In side some coding compile with FreeBSD only.

https://lists.freebsd.org/pipermail/freebsd-jobs/2011-July/000773.html

Cyber

Badfilemagic · ‎12-17-2017

That is a job posting from a guy at a company called Ubalo that happened to be in Palo Alto, CA, which is a city where PANW is based which has nothing else to do with PANW. Its a data search company. So I’m not really sure what you think this is proof of.

-- wdf//CISSP, CSSLP

Early_Adopter · ‎12-17-2017

On the OS/Security topic...

The old Secure Computing Sidewinder G2's were based of some flavor of BSD(BSDi...?) and then they moved to FreeBSD. Lot's of good reading here about how and why things were done:

https://cryptosmith.com/mls/lock/

So Secure Computing had a bit of a marketing fetish for the OS security, Administrative and Operational kernels and as they used FreeBSD I guess it would be plausible, but if I was supporting/building anything today - I'd likely use CEntOS. I'm with WDF - to get proof you'd want to get on the CLI or the filesystem and you'd probably find out pretty quickly, but at that point you have to ask yourself why you care?

If it's really so important that the OS is secure you should hang around with the guys at https://www.openbsd.org, but you should know I'm only going to attack your firewall if I can't get in anywhere else - I'm reasonably sure it's had a lot of work done on it, and it's probably pumping all it's logs back to your SOC, and it's listening for attacks, and the traffic going through it is probably SSL/TLS the most part. Just sounds like anything from Palo alto Networks or Checkpoint would be very crunchy.

Badfilemagic · ‎12-17-2017

OpenBSD is cool and I really appreciate them. I like HardenedBSD, too, which is a downstream fork of FreeBSD which applies PaX type hardening for exploit mitigations but is othewise FreeBSD from a usability standpoint. I have contributions in both FreeBSD and HardenedBSD.

-- wdf//CISSP, CSSLP