topic New Exploits for Unsecure SAP Systems, How to import Snort rule in Chinese 中文 https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/New-Exploits-for-Unsecure-SAP-Systems-How-to-import-Snort-rule/m-p/53095#M498 <P>Hello all,</P> <P>&nbsp;</P> <P>近期US-Cert發佈了SAP系統的一個新漏洞:</P> <P><A href="https://www.us-cert.gov/ncas/alerts/AA19-122A" target="_blank">https://www.us-cert.gov/ncas/alerts/AA19-122A</A></P> <P>有客戶詢問到Check Point如何進行防禦(How to Prevent);US-Cert已經先發佈了此攻擊相關的Snort Rule:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SAP_Snort.png" style="width: 959px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1131i3EB452F2AAC36B14/image-size/large?v=v2&amp;px=999" role="button" title="SAP_Snort.png" alt="SAP_Snort.png" /></span></P> <P>R80.10版本之後的客戶可以透過SmartConsole直接匯入來阻擋攻擊,步驟如下:</P> <P>Step.1 將上方的Snort rule(可以在上方的US-Cert網頁複製)貼到記事本,並另存成 「XXX.rules」 Snort檔案格式。</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SAP_rules.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1133iF8AFB1CFF402B885/image-size/large?v=v2&amp;px=999" role="button" title="SAP_rules.png" alt="SAP_rules.png" /></span></P> <P>Step.2 登入SmartConsole,切換到Security Policies頁籤,點選Threat Prevention policy,下方會有IPS Protectections的連結,點選上方的Action &gt;&gt; Snort Protections &gt;&gt; Import Snort rules &gt;&gt; 選擇剛剛另存的Snort rule:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1132i5FE128A33CB4D7C5/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort.png" alt="Import_Snort.png" /></span></P> <P>&nbsp;</P> <P>Step.3 匯入之後左下角Task會顯示匯入的進度:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort-2.png" style="width: 352px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1134i1D271C9AE1651393/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort-2.png" alt="Import_Snort-2.png" /></span></P> <P>&nbsp;</P> <P>Step.4 匯入完成之後,在IPS Protections裡面即可以查詢到剛剛匯入的Snort特徵碼:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort-3.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1136iAF0935FD6DD85DD1/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort-3.png" alt="Import_Snort-3.png" /></span></P> <P>&nbsp;</P> <P>Step.5 進行Profile的設定之後就可以Install Policy開始進行防禦了。</P> Fri, 10 May 2019 03:43:12 GMT Sung-Lun_Yang1 2019-05-10T03:43:12Z New Exploits for Unsecure SAP Systems, How to import Snort rule https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/New-Exploits-for-Unsecure-SAP-Systems-How-to-import-Snort-rule/m-p/53095#M498 <P>Hello all,</P> <P>&nbsp;</P> <P>近期US-Cert發佈了SAP系統的一個新漏洞:</P> <P><A href="https://www.us-cert.gov/ncas/alerts/AA19-122A" target="_blank">https://www.us-cert.gov/ncas/alerts/AA19-122A</A></P> <P>有客戶詢問到Check Point如何進行防禦(How to Prevent);US-Cert已經先發佈了此攻擊相關的Snort Rule:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SAP_Snort.png" style="width: 959px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1131i3EB452F2AAC36B14/image-size/large?v=v2&amp;px=999" role="button" title="SAP_Snort.png" alt="SAP_Snort.png" /></span></P> <P>R80.10版本之後的客戶可以透過SmartConsole直接匯入來阻擋攻擊,步驟如下:</P> <P>Step.1 將上方的Snort rule(可以在上方的US-Cert網頁複製)貼到記事本,並另存成 「XXX.rules」 Snort檔案格式。</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SAP_rules.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1133iF8AFB1CFF402B885/image-size/large?v=v2&amp;px=999" role="button" title="SAP_rules.png" alt="SAP_rules.png" /></span></P> <P>Step.2 登入SmartConsole,切換到Security Policies頁籤,點選Threat Prevention policy,下方會有IPS Protectections的連結,點選上方的Action &gt;&gt; Snort Protections &gt;&gt; Import Snort rules &gt;&gt; 選擇剛剛另存的Snort rule:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1132i5FE128A33CB4D7C5/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort.png" alt="Import_Snort.png" /></span></P> <P>&nbsp;</P> <P>Step.3 匯入之後左下角Task會顯示匯入的進度:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort-2.png" style="width: 352px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1134i1D271C9AE1651393/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort-2.png" alt="Import_Snort-2.png" /></span></P> <P>&nbsp;</P> <P>Step.4 匯入完成之後,在IPS Protections裡面即可以查詢到剛剛匯入的Snort特徵碼:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Import_Snort-3.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1136iAF0935FD6DD85DD1/image-size/large?v=v2&amp;px=999" role="button" title="Import_Snort-3.png" alt="Import_Snort-3.png" /></span></P> <P>&nbsp;</P> <P>Step.5 進行Profile的設定之後就可以Install Policy開始進行防禦了。</P> Fri, 10 May 2019 03:43:12 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/New-Exploits-for-Unsecure-SAP-Systems-How-to-import-Snort-rule/m-p/53095#M498 Sung-Lun_Yang1 2019-05-10T03:43:12Z