Hello all,
近期US-Cert發佈了SAP系統的一個新漏洞:
https://www.us-cert.gov/ncas/alerts/AA19-122A
有客戶詢問到Check Point如何進行防禦(How to Prevent);US-Cert已經先發佈了此攻擊相關的Snort Rule:
R80.10版本之後的客戶可以透過SmartConsole直接匯入來阻擋攻擊,步驟如下:
Step.1 將上方的Snort rule(可以在上方的US-Cert網頁複製)貼到記事本,並另存成 「XXX.rules」 Snort檔案格式。
Step.2 登入SmartConsole,切換到Security Policies頁籤,點選Threat Prevention policy,下方會有IPS Protectections的連結,點選上方的Action >> Snort Protections >> Import Snort rules >> 選擇剛剛另存的Snort rule:
Step.3 匯入之後左下角Task會顯示匯入的進度:
Step.4 匯入完成之後,在IPS Protections裡面即可以查詢到剛剛匯入的Snort特徵碼:
Step.5 進行Profile的設定之後就可以Install Policy開始進行防禦了。
Thu 13 Feb 2025 @ 03:00 AM (CET)
Navigating the Cyber Frontier: A Check Point Executive Briefing - APACThu 13 Feb 2025 @ 03:00 PM (CET)
Navigating the Cyber Frontier: A Check Point Executive Briefing - EMEAThu 13 Feb 2025 @ 02:00 PM (EST)
Navigating the Cyber Frontier: A Check Point Executive Briefing - AmericasFri 14 Feb 2025 @ 10:00 AM (CET)
CheckMates Live Netherlands - Sessie 33: CPX 2025 terugblik!Tue 18 Feb 2025 @ 03:00 PM (CET)
Why Adding SASE to Your Network Infrastructure is a Win-Win - EMEATue 18 Feb 2025 @ 02:00 PM (EST)
Why Adding SASE to Your Network Infrastructure is a Win-Win - AMERICASThu 13 Feb 2025 @ 03:00 AM (CET)
Navigating the Cyber Frontier: A Check Point Executive Briefing - APACThu 13 Feb 2025 @ 03:00 PM (CET)
Navigating the Cyber Frontier: A Check Point Executive Briefing - EMEAThu 13 Feb 2025 @ 02:00 PM (EST)
Navigating the Cyber Frontier: A Check Point Executive Briefing - AmericasFri 14 Feb 2025 @ 10:00 AM (CET)
CheckMates Live Netherlands - Sessie 33: CPX 2025 terugblik!Tue 18 Feb 2025 @ 03:00 PM (CET)
Why Adding SASE to Your Network Infrastructure is a Win-Win - EMEATue 18 Feb 2025 @ 02:00 PM (EST)
Why Adding SASE to Your Network Infrastructure is a Win-Win - AMERICAS
