CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Thread: FireWall allows remote "get topology" request

  1. #1
    Join Date
    2006-04-11
    Posts
    18
    Rep Power
    0

    FireWall allows remote "get topology" request

    Hi all,

    Kindly help me to remove a vulnerability in Check Point.

    I recently did a Vulnerability Assessment on the Check Point mgmt server segment.
    I placed the scanning machine in the same segment as the mgmt server.

    The following low vulnerability is shown in the scan report:

    Fw1GettopoNoauth: FireWall-1 allows remote "get topology" requests without authentication

    The Check Point FireWall-1/VPN-1 SecuRemote client requires knowledge of a network's topology before it can negotiate a VPN (Virtual
    Private Network) connection. SecuRemote clients prior to version 4.0 do not encrypt or authenticate connections to the SecuRemote
    Server, which could expose possibly sensitive network topology information to remote attackers. The client and server of SecuRemote
    version 4.1 support strong authentication and encryption of this data, but by default permit weaker, less secure connections for backward
    compatibility. An attacker could take advantage of these weaker connections to obtain sensitive network topology information.

    Remedy

    Disable the FireWall-1 option "Respond to Unauthenticated Cleartext Topology Requests".
    To disable this option from the FireWall-1 Policy Editor:
    1. Open the FireWall-1 Policy Editor.
    2. Select Policy --> Properties.
    3. Click the Desktop Security tab.
    4. Clear the "Respond to Unauthenticated Cleartext Topology Requests" check box.


    I am not able to find the remedy mentioned above.

    If anyone knows, please reply to me.

    Thanks,
    jeetu

  2. #2
    Join Date
    2006-07-05
    Location
    Yorkshire, UK
    Posts
    42
    Rep Power
    0

    Re: FireWall allows remote "get topology" request

    Do a Google image search on "check point policy editor".

    That should get you going in the right direction.

  3. #3
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    15

    Re: FireWall allows remote "get topology" request

    Which version are you using?

  4. #4
    Join Date
    2006-04-11
    Posts
    18
    Rep Power
    0

    Re: FireWall allows remote "get topology" request

    Check Point NGX R60

  5. #5
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    15

    Re: FireWall allows remote "get topology" request

    It looks like your scan, and suggested remedy, are for Check Point 4.1. I'm not sure that this is still relevant for post 4.1.

  6. #6
    Join Date
    2006-10-24
    Location
    Auckland, NZ
    Posts
    111
    Rep Power
    13

    Re: FireWall allows remote "get topology" request

    Northlandboy is right. In 4.1 days, you could get a topology download without first being authenticated. A check box was available to prevent this, but as of NG the default behavior is to only provide topology once a user is logged in via SecuRemote/SecureClient.

    The only way I could think that you could still have the issue is if you have upgraded from 4.1 through to NGX. However, I'm sure the default behavior was changed when doing upgrades as well.

  7. #7
    Join Date
    2010-02-04
    Posts
    4
    Rep Power
    0

    Re: FireWall allows remote "get topology" request

    Quote Originally Posted by Acidio View Post
    Northlandboy is right. In 4.1 days, you could get a topology download without first being authenticated. A check box was available to prevent this, but as of NG the default behavior is to only provide topology once a user is logged in via SecuRemote/SecureClient.

    The only way I could think that you could still have the issue is if you have upgraded from 4.1 through to NGX. However, I'm sure the default behavior was changed when doing upgrades as well.

    I have the same alert with the R65 version, so I don't think it is solved. Any idea?
