https://community.checkpoint.com/t5/Mobile/Policy-Settings-for-Wi-Fi-Networks/m-p/39559#M203 <HTML><HEAD></HEAD><BODY><P>The Policy Settings for Wi-Fi networks has been expanded to allow administrators to set the risk level for different kinds of man-in-the-middle attacks and to add additional external URLs used to detect man-in-the-middle attacks.</P><P></P><P>These settings can be configured by navigating to <STRONG>Settings &gt; Policy Settings &gt; WiFi Network.</STRONG></P><P></P><H2>Changing the Risk Level for the types of man-in-the-middle attacks</H2><P>The administrator can change the risk level for SSL Stripping, SSL Interception (Basic), and SSL Interception (Advanced) to one of the following levels:</P><UL style="list-style-type: disc;"><LI>High (Device Alert) - default</LI><LI>Medium (Device Alert)</LI><LI>Medium (No Device Alert)</LI><LI>Medium (Dismissive Device Alert)</LI><LI>Low</LI><LI>No Risk</LI></UL><P><IMG __jive_id="63525" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63525_pastedImage_1.png" style="width: 620px; height: 375px;" /></P><P></P><H3>Definitions</H3><TABLE class="j-table jiveBorder" style="border: 1px solid #c6c6c6;" width="100%"><THEAD><TR style="background-color: #efefef;"><TH>Term</TH><TH>Definition</TH></TR></THEAD><TBODY><TR><TD><P>SSL Stripping</P></TD><TD><P>MitM attack that intercepts all network traffic redirection from HTTP to HTTPS and "strips" the HTTPS call leaving the traffic as HTTP.</P></TD></TR><TR><TD><P>SSL Interception (Basic)</P></TD><TD><P>MitM attack that intercepts HTTPS traffic by using an invalid certificate that does not exist on the device's trusted certificates or not trusted by a root CA.</P></TD></TR><TR><TD><P>SSL Interception (Advanced)</P></TD><TD><P>MitM attack that intercepts HTTPS traffic by using a valid certificate that does not match the certificate of the server.</P></TD></TR></TBODY></TABLE><P></P><H2>Configuring additional external URLs for man-in-the-middle detection</H2><P>Man-in-the-middle attacks are detected by making https function calls from the device to a honeypot. In case an attacker managed to drop or intercept the connection to the known honeypot, the man-in-the-middle detection will fail to detect the attack. Allowing the administrator to enter additional external URLs to the inspection list, the man-in-the-middle detection is extended to check more websites, making it harder for attackers to circumvent the man-in-the-middle detection.</P><P>Adding websites used by your organization for day-to-day business is recommended.</P><P><IMG __jive_id="63526" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63526_pastedImage_8.png" style="width: 620px; height: 377px;" /></P></BODY></HTML> Wed, 07 Mar 2018 23:37:23 GMT Pamela_S__Lee 2018-03-07T23:37:23Z https://community.checkpoint.com/t5/Mobile/Policy-Settings-for-Wi-Fi-Networks/m-p/39559#M203 <HTML><HEAD></HEAD><BODY><P>The Policy Settings for Wi-Fi networks has been expanded to allow administrators to set the risk level for different kinds of man-in-the-middle attacks and to add additional external URLs used to detect man-in-the-middle attacks.</P><P></P><P>These settings can be configured by navigating to <STRONG>Settings &gt; Policy Settings &gt; WiFi Network.</STRONG></P><P></P><H2>Changing the Risk Level for the types of man-in-the-middle attacks</H2><P>The administrator can change the risk level for SSL Stripping, SSL Interception (Basic), and SSL Interception (Advanced) to one of the following levels:</P><UL style="list-style-type: disc;"><LI>High (Device Alert) - default</LI><LI>Medium (Device Alert)</LI><LI>Medium (No Device Alert)</LI><LI>Medium (Dismissive Device Alert)</LI><LI>Low</LI><LI>No Risk</LI></UL><P><IMG __jive_id="63525" class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63525_pastedImage_1.png" style="width: 620px; height: 375px;" /></P><P></P><H3>Definitions</H3><TABLE class="j-table jiveBorder" style="border: 1px solid #c6c6c6;" width="100%"><THEAD><TR style="background-color: #efefef;"><TH>Term</TH><TH>Definition</TH></TR></THEAD><TBODY><TR><TD><P>SSL Stripping</P></TD><TD><P>MitM attack that intercepts all network traffic redirection from HTTP to HTTPS and "strips" the HTTPS call leaving the traffic as HTTP.</P></TD></TR><TR><TD><P>SSL Interception (Basic)</P></TD><TD><P>MitM attack that intercepts HTTPS traffic by using an invalid certificate that does not exist on the device's trusted certificates or not trusted by a root CA.</P></TD></TR><TR><TD><P>SSL Interception (Advanced)</P></TD><TD><P>MitM attack that intercepts HTTPS traffic by using a valid certificate that does not match the certificate of the server.</P></TD></TR></TBODY></TABLE><P></P><H2>Configuring additional external URLs for man-in-the-middle detection</H2><P>Man-in-the-middle attacks are detected by making https function calls from the device to a honeypot. In case an attacker managed to drop or intercept the connection to the known honeypot, the man-in-the-middle detection will fail to detect the attack. Allowing the administrator to enter additional external URLs to the inspection list, the man-in-the-middle detection is extended to check more websites, making it harder for attackers to circumvent the man-in-the-middle detection.</P><P>Adding websites used by your organization for day-to-day business is recommended.</P><P><IMG __jive_id="63526" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63526_pastedImage_8.png" style="width: 620px; height: 377px;" /></P></BODY></HTML> Wed, 07 Mar 2018 23:37:23 GMT https://community.checkpoint.com/t5/Mobile/Policy-Settings-for-Wi-Fi-Networks/m-p/39559#M203 Pamela_S__Lee 2018-03-07T23:37:23Z