The following vulnerabilities and suggested fixes have been reported in CP GW Cluster. These are on R80.40.
However, I am unable to find these on the paths suggested. Where can I edit these via SmartConsole/CLI?
1) IPS configuration - No check for out of sequence TCP packets
Suggested fix -
We recommend that you use the Check Point SmartDashboard to enable Sequence Verifier:
IPS Tab => Protections => By Protocol => Network Security => TCP => Sequence Verifier
2) IPS configuration - No flood protection
Suggested fix -
We recommend that you use the Check Point SmartDashboard to enable some of these properties:
Non TCP Flooding: IPS Tab => Protections => By Protocol => Network Security => Denial of Service => Non TCP flooding
SYN Attack protection: IPS Tab => Protections => By Protocol => Network Security => TCP => SYN Attack Configuration
SYN Attack protection can be enabled by either unchecking the "Override module's SYNDefender configuration" to use the module configured protection or checking the "Activate SYN Attack protection".
3) Missing Application Control “Block” rules
Suggested fix -
Your firewall is installed with the Application Control blade, but the corresponding “Application & URL Filtering” policy does not consist of any “Block” rules. Having no such rules, the “Application & URL Filtering” policy doesn’t practically have any filtering effect on the traffic traversing the firewall.
Remedy
Add at least one rule with action “Block” to the “Application & URL Filtering” policy.
In this case I already have a first rule as block in the application layer policy and the second layer allow all. Is this not the correct way to implement?