topic Vulnerability / scanning in Firewall and Security Management

Vulnerability / scanning

ojuser — Thu, 27 Jun 2019 10:16:24 GMT

Hi All,

Any suggestion on how can I perform the VA for my on premises Checkpoint firewall. R.77. Is there any open source tool available for this. Please let me know.

Regards,

Re: Vulnerability / scanning

Benedikt_Weissl — Thu, 27 Jun 2019 16:15:13 GMT

Hi,

greenbone has a community edition and both nexpose and nessus are available as trial versions. That being said, if you want an accurate assessment I'd suggest you hire a professional for a pentest. I know those aren't cheap, but a data breach will be even more expensive in the end.

Regards

Re: Vulnerability / scanning

PhoneBoy — Thu, 27 Jun 2019 21:38:17 GMT

Just to be clear, vulnerability assessment tools only scan and list things a platform might be vulnerable too based on certain observables.
They don't necessarily tell you what might be exploitable on a given platform.
For example, the version of Apache and OpenSSH we use in Gaia is considered "old" and vulnerable to some security issues.
However, because of configuration and applied patches, these issues aren't relevant on our system.

Also, if you're just now deploying an R77.x version, know that R77.x will be End of Support in September 2019.
I'd strongly consider deploying a later version that will be supported beyond this date.