FireWall allows remote "get topology" request

[jeetu_chaudhari]

Hi all ,

Kindly help me to remove vulenrability in checkoint.

I recentlly done Vulnerabilty Assesment on chekpint mgmt server segment
I placed scanning machine in same segment of mgmt server.

Following low vulenrabilty is shown in scan report,

Fw1GettopoNoauth: FireWall-1 allows remote "get topology" requests without authentication

The Check Point FireWall-1/VPN-1 SecuRemote client requires knowledge of a network's topology before it can negotiate a VPN (Virtual
Private Network) connection. SecuRemote clients prior to version 4.0 do not encrypt or authenticate connections to the SecuRemote
Server, which could expose possibly sensitive network topology information to remote attackers. The client and server of SecuRemote
version 4.1 support string authentication and encryption of this data, but by default permit weaker, less secure connections for backward
compatibility. An attacker could take advantage of these weaker connections to obtain sensitive network topology information.

Remedy

Disable the FireWall-1 option "Respond to Unauthenticated Cleartext Topology Requests".
To disable this option from the FireWall-1 Policy Editor:
1. Open the FireWall-1 Policy Editor.
2. Select Policy --> Properties.
2. Click the Desktop Security tab.
3. Clear the "Respond to Unauthenticated Cleartext Topology Requests" check box.


I can't able to find remedy which is mention above.

If any one knows please reply to me.

Thanks,
jeetu

[betski]

do a google image search on "check point policy editor"

that should get you going in the right direction >>>>

[northlandboy]

Which version are you using?

[jeetu_chaudhari]

checkpoint NGX R60

[northlandboy]

It looks like your scan, and suggested remedy, are for Check Point 4.1. I'm not sure that this is still relevant for post 4.1.

[Acidio]

Northlandboy is right. In 4.1 days, you could get a topology download without first being authenticated. A check box was available to prevent this, but as of NG the default behavior is to only provide topology once a user is logged in via SecRemote/SecClient.

The only way I could think that you the still have the issue is if you have upgraded from 4.1 through to NGX. However, I'm sure the default behavior was changed when doing upgrades as well.