HeikoAnkenbrand
Champion

Script from unknown users - security risk?

Many interesting scripts and SmartConsole extensions can be found in the CheckMates Toolbox.

In the last few weeks I have been reading, again and again, user comments asking whether you should execute scripts from unknown users on a firewall. This has been a fundamental question for me for years.

From my point of view, this should not be done, as there is a considerable risk on a productive firewall. 

But I personally write my scripts in such a way that everyone can read the source code cleanly.
This gives everyone the chance to analyse the script code.

Checkmates, what do you think about this topic?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
10 Replies
SATO_SOG
Explorer

I agree with you.

Here we should think about the following:
Are millions of lines of Linux code not also a security risk?

0 Kudos
G_W_Albrecht
Legend

Here we should think about the following: Are humans basically a security risk?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
(1)
Bärbel
Participant

That's called whataboutism.

_Val_
Admin

Actually, @G_W_Albrecht has a point 🙂 Humans are the main reason cyber security has so many threats 🙂

MAlter
Explorer

I agree with @G_W_Albrecht.
Software is only as secure as the human mind behind it.

0 Kudos
the_rock
Legend

Well, that's true, but considering AI is taking over the world, humans won't even be needed to do much work soon lol

0 Kudos
G_W_Albrecht
Legend

No, this is not an argument - it was only meant as a parody of SATO_SOG's nonsense 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JozkoMrkvicka
Authority

If some admin would like to have an extension installed on the management, the extension should first be checked by an experienced colleague who will give a green light if such features are safe to be deployed. Tested in lab, of course.

Each and every extension should be available offline (locally present on management by selecting the json file), not downloaded from public internet.

Kind regards,
Jozko Mrkvicka
(1)
PhoneBoy
Admin

You’ve heard of Linux, right?
It ultimately came from a bunch of random people on the Internet.
Yet, so much of our modern technology landscape is possible because of Linux.

One of the ways trust is built is by publishing source code.
That along with the licensing allowed for wide adoption, reuse, and…trust.

One of the requirements for inclusion in Toolbox is publishing of source code.
This gives you the confidence to see for yourself what’s being done before you decide to use it.

For scripts and the like, you can see what’s being done for yourself easily enough.
The SmartConsole Extensions are a little trickier because of how they are implemented (they require a web server to be stood up).

0 Kudos
the_rock
Legend

To me, personally, like everything in life, it all comes down to really one single word...TRUST. As my late grandfather always used to say "If you trust someone only 99%, that's not good enough". I think that's a very good point.

Just my take on it.

0 Kudos
