This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SerB
Explorer
‎2020-06-02 01:20 PM

When you can't send everything to TAC.

Hello Chack Mates,

I have a problem, and I need your advice. I found a job that I have been seeking for a long time. There is a big customer who has got a lot of Checkpoint appliances. But they also have some security rules about personal information. And sometimes, my hands are tied when I can't send some information that TAC needs to solve a problem. For instance, I found a core dump file. It contains IP addresses, object names, and I also suspect that it contains usernames e.t.c. And I can't send it to them. Does anyone have experience of working with a client like this one? What should I do?
First I was thinking to write a parser. But to find all information that I need to remove, I have to know what to search. It's easy to remove IP addresses. The regular expression to find them is easy to write. But there might be a lot of other personal information. It's impossible to create all templates.

0 Kudos
4 Replies
HristoGrigorov
Mentor
Mentor
‎2020-06-02 11:19 PM

The core dump is usually needed to see the stack trace. You may try to ask TAC for a remote session to extract this stack trace from the core dump right in the appliance or on some other machine suitable for that.

0 Kudos
SerB
Explorer
‎2020-06-07 12:22 PM
In response to HristoGrigorov

Thank you for your reply! Yes, we've already tried that. They gave me a script but it shows an error. It looks like the core dump file is corrupted.

But the problem is bigger than this one file. That's why I created this topic. Someone else has problems like that or is it just I was so lucky to find a job like this one. If it's normal I would try to get along as far as I could, but if it's not I would try to find another job because I'm getting tired of it.
0 Kudos
_Val_
Admin
Admin
‎2020-06-08 12:09 AM
In response to SerB

Several points:

  1. TAC is often requiring many different sensitive info from the end customer's environment.
  2. In my personal view, it is okay to trust a security vendor with sensitive information. Same goes to a certified support partner. There is a legal protection in place as part of your support contract. Also, would there be a leak, reputation damage to vendor/partner would be devastating. 
  3. In many cases, it is extremely hard to get a grip on a situation, if expected tools are unavailable: cpinfo, debug files and remote access.

I have been in situations where end customers could not provide appropriate means of support to security vendors. In some occasions, I had to be eyes and ears to support on customers' sites where no files could be sent and no remote access possible. Not the best experience.

Usually that costs time, efforts, much more money and frustration. Yet, sometimes there is nothing you can do about it.


GalitS
Employee
Employee
‎2020-06-09 12:17 AM

Hi

My name is Galit Sadi and I am the TAC Project Manager

I would be happy to take it offline and try to assist you.

Please contact me at galits@checkpoint.com 

 

Thx 
Galit 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events