This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Octavian_Dragul
Participant
‎2018-01-04 06:48 AM
Jump to solution

Meltdown and Spectre bugs

Hi Guys,

Do you know if Checkpoints are affected by Meltdown and Spectre and if so, what is the timeframe for a patch being released?

Regards,

Octavian

1 Solution

Accepted Solutions
11 Replies
Octavian_Dragul
Participant
‎2018-01-04 06:59 AM
Jump to solution

Thank you Ronen. I've just seen this. It seems that someone else has posted before me.

Kind regards,

Octavian

0 Kudos
Dave_Hoggan
Contributor
‎2018-01-04 08:04 AM
Jump to solution

Hi,

Our SE suggested I ask this here so apologies in advance if not the right place 🙂

I'm thinking of what can CP do to protect user networks as opposed to the gateways themselves - to whick access should be tightly restricted.

 

Specifically, I was thinking of the scenario where a user on the network downloads a malicious piece of code that exploits this vulnerability. Patching 500-odd PCs is a time-consuming process for a business when those devices are in active use. What plans – if any – do CP have to trap such malicious code via TEM and CPU-level emulation? That would be a strong selling point.

 

Thanks,


Dave

Danny
Champion Champion
Champion
‎2018-01-04 03:17 PM
In response to Dave_Hoggan
Jump to solution

Dave,

this is exactly what Check Point IPS is about. Here is the protection you are looking for.

Danny

Alexey_Vershkov
Explorer
‎2018-01-05 12:37 AM
Jump to solution

Hello, What about code execution during traffic inspection?

PhoneBoy
Admin
Admin
‎2018-01-05 12:47 AM
In response to Alexey_Vershkov
Jump to solution

The only potential "arbitrary" code that might be executed as part of Threat Prevention is during Threat Emulation.

This happens on Threat Emulation specific appliances in VMs. 

A feature that would be needed during the exploit phase is disabled on Check Point appliances, as noted in the SK linked above.

Dave_Hoggan
Contributor
‎2018-01-05 01:16 AM
In response to PhoneBoy
Jump to solution

Hi Dameon,

I think the sk article does a good job of clarifying that CP itself is not vulnerable; the questions are really about what a CP deployment can do to protect what is behind it.

Danny (above) linked to an IPS protection that appears to address part of this (via javascript), but not via arbitrary code. For clarification of your reply above, are you stating that TEM can already detect this or will be able to detect this for clients behind the gateway downloading a malicious executable? The difference between 'can' and 'will be able to' is quite a big one! 

Thanks.

PhoneBoy
Admin
Admin
‎2018-01-05 05:51 AM
In response to Dave_Hoggan
Jump to solution

Right, IPS only gets the Javascript exploit vector.

As for Threat Emulation's role in all this, stay tuned Smiley Happy

Subject02066
Employee
Employee
‎2019-06-25 06:10 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy, 

Can you clarify about what feature exactly has been turned off?

I have a customer asking about how exactly are we mitigating these threats on our gateways...(he already read the sk involved)

0 Kudos
John_Tammaro1
Contributor
Contributor
‎2018-01-05 06:01 PM
Jump to solution

Check SK 122205

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top