Steve_Pearson
Contributor

SIC one time passwords

I encountered a problem today connecting a Spark to a central management server, in that the SIC one-time password that I'd set on the management server contained a question mark, and that caused a problem when trying to use it in CLI commands.

(maybe using a password generator wasn't such a good idea, and keeping it simple would be better)

However, this got me thinking, is there a definition for the requirement of the SIC one time password, as far as, how many characters, what mix is required and importantly what characters are not allowed?

I don't recall seeing one, and searching this evening hasn't turned up anything, so I was wondering if anyone else is aware of a definition?

5 Replies
Lesley
Mentor

As far as I know there is no minimal requirement. SIC is a one-time thing only; when SIC is set, certificates are used for communication.

Why the question mark did not work, I am not sure; it could be a bug (I would recommend checking the version you have installed).

It could also be user error (no offense), so if someone could reproduce it, it is worth checking and reporting as a bug.

-------
If you like this post please give a thumbs up(kudo)! 🙂
Bob_Zimmerman
Authority

It's probably not a bug. BASH treats the question mark character as a one-character wildcard in file names. To get it to treat the question mark literally, you need to either escape it with a backslash (not ideal, since then you might need to escape the backslash as well at some point) or enclose the whole string in ticks (technically prime marks, also commonly called single quotes).

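The globbing behaviour described in the reply above, as an added example that is not part of the thread: an unquoted word containing `?` reaches the command unchanged only while no file name in the current directory matches it. The password and file name are constructed, `printf` stands in for whatever CLI command would receive the password, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The password and file name are constructed; printf stands in
# for whatever CLI command would receive the one-time password.

# What a command receives when $2 is written unquoted while the current
# directory is $1: the shell globs the word before the command ever runs.
seen_unquoted() {
    ( cd "$1" || exit 1
      set -- $2            # deliberately unquoted: pathname expansion applies
      printf '%s\n' "$*" )
}

# What a command receives when the same word is quoted: no expansion at all.
seen_quoted() {
    ( cd "$1" || exit 1
      set -- "$2"
      printf '%s\n' "$*" )
}

# Wrap a string in single quotes for pasting on a command line. An embedded
# single quote is emitted as '\'' (close quote, escaped quote, reopen).
sq_quote() {
    rest=$1
    out=
    while :; do
        case $rest in
            *\'*) head=${rest%%\'*}; rest=${rest#*\'}; out="$out$head'\\''" ;;
            *)    out="$out$rest"; break ;;
        esac
    done
    printf "'%s'\n" "$out"
}

demo() {
    d=$(mktemp -d) || return 1
    pw='Sic?Otp1'                    # constructed password containing "?"
    echo "no match:  $(seen_unquoted "$d" "$pw")"   # pattern left as typed
    : > "$d/SicXOtp1"                # a file the pattern happens to match
    echo "unquoted:  $(seen_unquoted "$d" "$pw")"   # now the file name
    echo "quoted:    $(seen_quoted "$d" "$pw")"
    echo "paste as:  $(sq_quote "$pw")"
    rm -rf "$d"
}
demo
```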
Lesley
Mentor

It would be solved then if you perform the SIC reset via the web interface of the firewall 😉

With GAIA embedded I always reset via the web interface.

PhoneBoy
Admin

The SIC password is only used once: when trust is established to the management.
It does not need to be complex (i.e. containing "special characters") but you can make it long.
This is a particularly good idea if you're deploying gateways automatically with cloud-init (relevant for CloudGuard Network instances).

How long the password can be...not entirely sure.

the_rock
Legend

I know some people may disagree when I say this, but honestly, I always say to people you can easily use 1234 for the SIC password, since it's a one-time password needed AND, on top of that, it's encrypted, so really no need to be complex. I am fairly certain the minimum is 4 characters, not sure about max length though.

Andy
