Install Check Point GW in under 10 minutes

This will load the box, install the jumbo, update the blade signatures and run the first time wizard in 8 1/2 minutes using our new blink loader.

This is for Gateway only but is great for being able to load boxes quickly and ready to go.

Solution Title: Blink – Gaia Fast Deployment
Solution ID: sk120193
Solution Link: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120193   

Check Point Health Check

I have been asked many times how to perform some self-health checks of the Check Point appliances. Now there is a script that allows you to do this (see the link below). The SK shows some screenshots of what you can expect as well as the download.

Solution Title: How to perform an automated health check of a Gaia based system
Solution ID: sk121447
Solution Link: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121447   

Exporting Security Management Server Into Readable Format R80x

I wanted to tell everyone about how you can export your policy to plain text files. (sk120342)

For HTML

  • Enter the command line as expert
  • Run $MDS_FWDIR/scripts/web_api_show_package.sh (use $FWDIR on a SmartCenter)
  • Copy the resulting file over to your laptop/desktop
  • Extract all files
  • Launch the index.dat file


For CSV

  • Open SmartConsole and view the rulebase you wish to export. From the rulebase’s toolbar select: ‘Action > Export’.

WannaCry Ransomware

WannaCry implements several advanced malware techniques. It may penetrate via web or mail, or even directly through a computer with an SMB connection open to the internet. Once the initial penetration is successful, it spreads laterally using vulnerabilities in unpatched Windows SMB.

Check out the video from Check Point Software here:

Check Point vSEC and securing the public/private cloud part 1

Hey everyone, I wanted to talk about Check Point's public/private cloud security solution called vSEC. I am going to make this a series of blog posts, as the public/private cloud space is vast, so I will go through the topics one at a time.

The vSEC product is an exciting product that allows you to secure the East-West traffic while at the same time dynamically updating the physical gateways controlling the North-South traffic, for a total holistic security solution. This allows the dynamic nature of the Software Defined Data Center (SDDC), with its agility and elasticity in an ever changing network, to apply equally to the security world. Gone are the days of non-stop change controls and a static security system that does not change without manual intervention. Now we have dynamic security in physical devices that keeps pace with dynamic virtual ones. This creates a new era in Data Center security.

Check Point vSEC leverages VMware NSX security automation for dynamic distribution and orchestration of vSEC for protecting East-West traffic, all while sharing information about the virtual network with the physical world. If Check Point vSEC detects malware-infected VMs, it tags them and automatically updates VMware NSX.

Meanwhile, as the SDDC changes (location, IPs, etc.), the Check Point infrastructure, both virtual and physical, is updated to reflect naming conventions as well as IP addresses directly from vCENTER and the NSX controller.

I am currently working with my sales partner Jared Keesling and on occasion with Deanna Conrad, both of whom are rock star account managers here at Check Point. Together we are building a framework for the region that encompasses both security and the dynamic nature of today's ever changing and growing network. Jared has helped build some amazing relationships in the Arizona, Las Vegas and New Mexico regions. Deanna has helped build some fantastic relationships in Education, Health Care and Government in this same region. Both of these superstar account managers have customers taking advantage of the security, automation, and elasticity of the vSEC product in their networks. I have been privileged to work with both of them as an SE.

Check Point Software realizes the importance of the virtual network both public and private cloud. In fact a recent forecast from predicted that a large portion of enterprise workloads will run in the cloud by mid-2018 either public or private.

It all adds up to an enlarged, complex and blurred attack surface for organizations, so they need a comprehensive solution to bridge security gaps and extend protections, visibility and control from data centers to the cloud in a way that works with the cloud’s elasticity and automation.

The use of cloud technologies both public and private such as VMware creates both a flexible and cost efficient landscape. However the new model of the hybrid datacenter can be more complex and requires a new approach to security. To stay ahead of threats, you need a modern security infrastructure designed for today’s dynamic networks. Check Point’s vSEC is a leap forward in security architecture, providing a modular, agile infrastructure that most importantly, is secure.

VMware vRealize Orchestrator and Check Point Software

See how you can use VMware vRealize Orchestrator to build rules inside of Check Point Software. What a great partnership!

Backup your O/S Config in GAIA command line

Many people will open a command prompt in GAIA and will do a “show configuration” to see how they have their Check Point configured. They will then copy/paste that config into notepad to save for later.

However, there is an easier way to do this: from the clish prompt, use the command

save configuration <filename>

The file will be placed in the home directory of the user you are logged in as.

Here is an example:

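A small wrapper script, added here and not part of the original post, that runs that clish command from expert mode, moves the saved file out of the home directory into a dated backup folder, records a checksum so a truncated or altered backup is noticed, and keeps only the newest copies. It assumes the Gaia `clish -c` wrapper is available; `BACKUP_DIR` and `KEEP` are assumed names you can change.

```shell
#!/bin/bash
# Added example (not from the original post). Wraps Gaia's
# "save configuration" so it can be run from expert mode or cron.
# Assumes "clish -c" exists on the box; BACKUP_DIR and KEEP are assumptions.
set -eu

BACKUP_DIR="${BACKUP_DIR:-$HOME/config-backups}"
KEEP="${KEEP:-10}"

# Build a timestamped file name, e.g. gaia-config-20240101-120000.txt
backup_filename() {
    printf 'gaia-config-%s.txt' "$(date +%Y%m%d-%H%M%S)"
}

# Run the clish command from expert mode. "save configuration" writes the
# file into the current user's home directory, as described above.
save_gaia_config() {
    name="$1"
    clish -c "save configuration $name"
    mkdir -p "$BACKUP_DIR"
    mv "$HOME/$name" "$BACKUP_DIR/$name"
    # Record a checksum so a tampered or truncated backup is detectable.
    ( cd "$BACKUP_DIR" && sha256sum "$name" > "$name.sha256" )
    echo "$BACKUP_DIR/$name"
}

# Delete all but the newest $2 backups (by mtime) in directory $1.
prune_backups() {
    dir="$1"; keep="$2"
    ls -1t "$dir"/gaia-config-*.txt 2>/dev/null | tail -n +"$((keep + 1))" |
    while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# Verify a saved backup against its recorded checksum; exit status 0 on match.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c --quiet "$(basename "$1").sha256" )
}

# Only call clish when invoked as "./gaia-backup.sh run".
if [ "${1:-}" = "run" ]; then
    f=$(save_gaia_config "$(backup_filename)")
    verify_backup "$f"
    prune_backups "$BACKUP_DIR" "$KEEP"
fi
```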

NSA got owned

By now many of you have heard about the NSA hack. Because of this, some vendors have disclosed their vulnerability to the community. This is a huge potential for issues in many environments worldwide. Today's security administrators have a daunting task. Security devices log thousands of network events every day. New, complex targeted attacks designed to be evasive are difficult to identify and may be hidden within a multitude of other events.

Here is what happened according to an article at techcrunch:

“A group calling itself the Shadow Brokers dumped data online this weekend that it claimed to have stolen from the Equation Group, a hacking team widely believed to be associated with the NSA.

Cisco said in a security advisory that two vulnerabilities in the Shadow Brokers’ data could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. “An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system,” Cisco’s disclosure says.

The data being offered for sale by the Shadow Brokers is dated between 2010 and 2013, so Cisco firewalls may have been vulnerable for years.

This exploit is referred to in the Shadow Brokers’ dump as EPICBANANA.

The second exploit, EXTRABACON, affects all releases of Cisco’s ASA software — but getting it to work is tricky. The exploit would allow an attacker to take full control of the firewall system, but its complexity — and the fact that Cisco hadn’t discovered and patched it — suggests it was developed by a talented adversary.

Fortinet also said that some of its products released prior to August 2012 contained a vulnerability that would allow an attacker to take execution control over a firewall. More recent versions should not be affected, Fortinet said, although the company noted that its investigation into the code released by the Shadow Brokers is continuing.

Meanwhile, the Shadow Brokers also claim that their exploits will work on firewalls from Juniper Networks and TopSec, but neither company has publicly acknowledged the leak.”

As the IT environment evolves (mobile, cloud, the Internet of Things), it is important for security to be one step ahead of the attackers and not a step behind. Did you know that Check Point Software just received its 12th 'Recommended' rating from NSS Labs? Check Point's Next Generation Threat Prevention (NGTX) with SandBlast™ was tested in the recent 2016 NSS Labs Breach Detection System (BDS) group test. Check Point earned the NSS 'Recommended' recognition for security effectiveness and value.

An essential ingredient to successfully block unknown malware and zero-day threats is an integrated, advanced sandbox, like Check Point SandBlast Zero-Day Protection. Sandblast inspects files in a safe, virtual environment to discover malicious behavior before it enters the network; and its advanced CPU-level detection identifies and stops attacks at the exploit phase, before malware even has the chance to deploy.

Thwarting APT

Hey everyone, I wanted to tell you about a great blog post that the CTO and Co-Founder of AlgoSec wrote at Infosec Island, in an article titled “Back to basics: how simple techniques can thwart complex APT attacks.”

In the article he states some basic things that everyone can do to lower their risk level. I wanted to share some of his excellent and simple steps for an enterprise to take. He writes:

“Whilst it is very difficult to prevent attackers from carrying out the first stage in their APT journey – after all, there’s nothing particularly secretive about many OSINT scanning techniques – it is possible to prevent them from laterally moving across your network in search of your valuable data, with some back-to-basics principles.

  • Segment your network. Break up your flat internal network into multiple zones, based on the use pattern and category of data processed within each zone. This segmentation then prevents the APT from jumping from one ‘stepping stone’ machine to another.
  • Place firewalls to filter traffic between those zones. ‘Choke points’ – i.e. firewalls – must be placed between the zones to filter the traffic entering and exiting. In other words, firewalls must be placed on internal, lateral traffic paths, not just your network perimeter.
  • Write restrictive security policies for those firewalls to enforce. Gartner Research has suggested that 99% of firewall breaches are caused by firewall mis-configurations, not firewall flaws. The message is clear – your firewalls absolutely must be configured accurately and intelligently, to analyze and block the kind of internal communications that signal APTs.”

This is excellent advice for anyone looking to lower the risk of APT in their environment, and good practice in any event. In the article he also explains the different steps that an attacker takes to infiltrate your network. See the full article here: http://infosecisland.com/blogview/24803-Back-to-basics-how-simple-techniques-can-thwart-complex-APT-attacks.html