Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Peter_Elmer
Employee
Employee

Zero-Phishing for Quantum Network Security

Phishing attacks are increasing and Check Point Research observed 19% of all Phishing attacks in April 2021 in EMEA using HTTPS.

In order to prevent these attacks, Check Point R&D is inviting customers experiencing the Zero-Phishing Early Availability program documented in sk172203

Check Point Certified Partners may want to contact their pre-sales representatives and then work with Check Point R&D supporting customers running a proof-of-concept.

Learn more about Check Point Zero-Phishing for Quantum Network Security watching the following videos:

The instructions documented in sk172203 are referring to use a dedicated Root Certificate Authority for HTTPS inspection and to enroll a UserCheck Certificate against it. In my lab testing I used OpenSSL running on Gaia OS and share the commands I used here.

The following commands are based on documentation found at https://www.openssl.org/docs/ and have demonstrated to work in several lab tests on Gaia OS R81.


1) Define Gaia OS environment variables to ease configuration steps

PASS: A password protecting keying material. This password is requested when importing the .p12 containers in SmartConsole.
ROOTCAFQDN: The Fully Qualified Domain Name of the Root CA.
ROOTCACN: The Common Name (CN) of the Root CA. The CN will be used in the Subject field of the Root CAs' certificate.

export PASS=vpn123
export ROOTCAFQDN=zerophishRootCA.ngtpdemo.local
export ROOTCACN=zerophishRootCA.ngtpdemo.local

2) Generate a private/public keypair for the Root CA and protect them with $PASS

cpopenssl genrsa -passout pass:$PASS -out $ROOTCAFQDN.key 4096

3) Generate a self-signed Root CA Certificate using keying material created before

cpopenssl req -x509 -new -config $CPDIR/conf/openssl.cnf -nodes -key $ROOTCAFQDN.key -sha256 -days 1095 -out $ROOTCAFQDN.crt -batch -passin pass:$PASS -passout pass:$PASS -multivalue-rdn -subj "/CN=$ROOTCACN"

Enjoy Zero-Phishing EA Program!

-pelmer

 

 

0 Replies