This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
zkg
Explorer
‎2024-07-08 08:26 AM

IoT Security Alerts

Dear all,

We use a locally managed Quantum Spark 1800 appliance R81.10.10 (996002945). The appliance allows to monitor IoT devices. However this monitoring seems to be faulty.

For example:
We have (among others) two HP computers which are listed as such under Monitoring>Assets. In particular they are not listed under IoT assets. However, if one of these computers connects to the other, we obtain a "Security Alert" that reads "Unauthorized domain IoT access". Since neither of the two computers are listed under IoT assets the above alert makes no sense to us.

With this post we wanted to inquire other users if they have seen the same behaviour as described above and how to fix the issue?

Best regards,
Gabriel Pescia

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2024-07-08 12:49 PM

I assume you can configure an override to resolve the issue: https://support.checkpoint.com/results/sk/sk181988 

0 Kudos
Dafna
Employee
Employee
‎2024-07-08 10:41 PM

Hi,

I'm Dafna working as a team leader at  Quantum Spark R&D.

You are right - this is no the expected behavior,

Is it possible to access your GW via reach my device or remote session to check it?

I'm Dafna, a team leader at Quantum Spark R&D.

You are right; this behavior is not what we would expect.

Would it be possible to access your GW via "Reach My Device" or a remote session to check it?

Thanks,

   Dafna

 

0 Kudos
zkg
Explorer
‎2024-07-12 01:15 AM
In response to Dafna

Hi Dafna,

thanks for your reply. Because of security reasons we cannot provide direct access to the device.
Would you be able to provide necessary trouble shooting steps, which we can perform on our own, to figure out what is going wrong?

We have also noticed another problem: We have 10 devices listed under the same IoT group. The group shows as policy: "Prevent". However the top panel under "Access Policy>IoT" shows 5 of these devices as "Unproteceted Assets". Do you have an idea what might be the problem there?

Best regards,
Gabriel Pescia

0 Kudos
Dafna
Employee
Employee
‎2024-07-13 11:01 PM
In response to zkg

Hi,

Please provide the following information:

Issue #1:

  1. cpinfo
  2. screen shot of the relevant security logs which are relevent to the HP computers
  3. The last notification which you got on those computers
  4. screen shot of your outgoing policy
  5. output of the following commands:
    •  pt fwGeneratedRule
    • fw tab -t iot_cleanup_rule_num_table

Issue #2:

1. send the device type and vendor

2. screen shot of the IOT page and asset page (I want to see hoe those devices are displayed)

3. the MAC address of the problematic devices

 

Thanks,

   Dafna

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events