
Enabling web server security

Hi guys,
I have a Check Point firewall with NGTX. I want to enable web security for my web servers (SQL injection, cross-site scripting, etc.). I did this by creating a host of web server and enabled the protections.

Is that all, or do I need to add something else somewhere too? In the guide it mentions the following: "Enforcement of these protections are dependent on IPS profile". What does that mean?

Also how can I test that these protections are working via some testing method?

Admin

Re: Enabling web server security

Protections can be enabled/disabled in your IPS profile and/or your Threat Prevention policy, depending on management and gateway version.
It would be helpful if you specified the exact steps you followed and provided some screenshots of exactly what you did.
Also, anytime you make changes to IPS, you need to push the Threat Prevention policy (Access Policy for R77.x Gateways).

As far as testing some of these protections, you can use a tool like Burp Suite.

Re: Enabling web server security

Hi Phoneboy,

Thanks for suggesting BurpSuite, I have applied for a trial.

As for the steps, I did the following:

- Created a new host
- Clicked on Servers>Web server>Protections
- Protections were enabled already.
- Pushed the Threat Policy (existing policy is Scope=Any and Action=Optimized)

Webserver.png

Re: Enabling web server security

Hi Guys,

Kindly help me to know if this is correct. Appreciate the help.

Admin

Re: Enabling web server security

What does your Threat Prevention rulebase look like?

Re: Enabling web server security

Dear PB,
My threat policy is "ANY" and "OPTIMIZED"

Re: Enabling web server security

I am curious about this as well. I thought we just need to configure the Profile protection and it will apply. This looks very specific to web server; do we need to configure all the web server objects this way?

Wolfgang
Silver

Re: Enabling web server security

Frank_Yao1,

To enable the web server protections you have to enable the server type Web Server and the protections on all your web server host objects.

Wolfgang

Re: Enabling web server security

Dear Wolfgang,

I want to confirm if my config is right or not.

Admin

Re: Enabling web server security

Your configuration is correct (assuming gateway is R80.x).

Wolfgang
Silver

Re: Enabling web server security

Yes Kandarp, your config looks good.

Wolfgang

Admin

Re: Enabling web server security

This was required pre-R80.x, but I don't believe this is no longer required.

Vladimir
Pearl

Re: Enabling web server security

@PhoneBoy, please clarify:

Are we still required to configure the Web Server objects and their protections individually, or is the "Optimized" profile taking care of that irrespective of the target server?

Thank you,

Vladimir

P.S. It is really difficult to track which response is relevant to which thread in the forum unless the person is mentioned by name and the excerpt from their post is included in the reply.

Wolfgang
Silver

Re: Enabling web server security

@Vladimir and @PhoneBoy

I follow Vladimir, there should be a statement for the web security configuration.

I think it is needed in R80.xx too; there are no protections like "SQL injections, cross site scripting, etc." in the normal IPS protections.

Dameon, please can you clarify if needed or not.

Wolfgang

Admin

Re: Enabling web server security

I'm checking this, but I don't believe it's required.

Admin

Re: Enabling web server security

Checking on all of it 🙂
And yes, I'm aware we need to add indents in threads, but that's turning out to be a bigger problem to solve than it should be.

Employee+

Re: Enabling web server security

Yes, you are still required to do that. Those protections have moved to so-called core protections that are installed with Access Control Policy. See my full response to this thread.

EDIT: I thought this response would have shown under Vladimir's question. Hmmm...

Employee+

Re: Enabling web server security

Hi!

There are two types of protections (or actually three if you count also inspection settings):

Threat Cloud Protections that are the actual IPS Protections updated from Check Point Threat Cloud. These protections are installed with the Threat Prevention Policy.

Core Protections are protections that require IPS blade, but are there by default (there are 39 of them or so). These protections are installed with the Access Control Policy. 

Core Protections are assigned directly to the gateways with their profile. You can then select whether you want this specific protection to be assigned to a selected web server or not (if it's a web server related protection). If you know your web servers and have configured them, make sure "Apply to Selected Web Servers" is selected. Otherwise select "Apply to all HTTP Traffic". By clicking View you can view the web servers that you have configured in the host object as a web server.

coreprotect3.PNG

Vladimir
Pearl

Re: Enabling web server security

@Lari_Luoma, how on earth did you get to see the screen from your post above 🙂?

I am poking in both R80.20 and R80.30 in Core Protections and all I am seeing is:

image.png

and when editing the selected "HTTP Header Patterns", I am seeing:

image.png

Which, IMHO, has got to mean that the entire scope is protected and that there is no need to cherry-pick the Web Servers.

Am I looking at this wrong?

Highlighted
Employee+

Re: Enabling web server security

Hi Vladimir,

1. Open a Core Protection

2. In General Tab double click a profile (e.g. Optimized)

3. Go to Advanced Tab

coreprotect1.PNG

Vladimir
Pearl

Re: Enabling web server security

Thank you @Lari_Luoma! I am looking at it now.

One comment for Check Point developers: If you have a protection that is not really being enforced until additional settings are configured, perhaps another icon and action should be defined for it (i.e. gear with "config required").
