This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
usmanshah526
Explorer
‎2022-11-27 10:35 AM

Are logs in encrypted form while sending to management server?

Hello All,

I have one query about logs if any one know the answer please reply the same.

query is between management servers and gateways logs sending in which format like plain text and encrypted form?

and if it’s sending logs in plain format is it possible to man in the middle attacker to read the logs while sending to management server?

 

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2022-11-28 03:51 AM

Logs are sent through a protected channel with certificate-based authentication. I would be very surprised if you manage to do MitM attach on that.

usmanshah526
Explorer
‎2022-12-02 01:23 AM
In response to _Val_

Thanks for your reply is there any way we can show that logs was encrypted during forwarding logs management server,  because auditor ask they same questions to us and if is it mentioned in any document please share if you have any docs or articles related to this topic.

0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2022-12-02 01:38 AM
In response to usmanshah526

Its pretty simple - Capture the packet in your switch for port TCP/257 or even on mgmt server for port TCP/257. Try to read the logs. Since mgmt server is CA and then distributes certificates to difference component like firewalls and event viewer if deployed separately. The entire communication is encrypted using certificates

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
MVP Platinum
MVP Platinum
‎2022-12-02 03:12 AM
In response to usmanshah526

I dont believe there is specific document saying so, but its been that way with CP since the beginning. @Blason_R  and @_Val_ are 100% correct!

Best,
Andy
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-12-02 03:58 AM
In response to usmanshah526

Please refer to the section on SIC in the Security Management Admin Guide for your version, aswell as describing the encryption used by SIC it states this "trust" is required to send logs from Gateway to Management etc.

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2022-12-02 04:06 AM
In response to usmanshah526

@usmanshah526  you can find these information in the documentation Secure Internal Communication (SIC) 

encryption type, which communication is encrypted etc.

the_rock
MVP Platinum
MVP Platinum
‎2022-12-02 03:44 AM

Also, to add to this, any communication between mgmt and gateway would be encrypted. Think of basic scenario...lets say SIC breaks on the firewall and you have to reset it. Key you put on for sic reset, does not matter, can be 12345678, its a one time password thats encrypted and its gone, thats it. 

But, if you really need document stating than, I will let someone else provide it, as I had never seen one stating so.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events