RE: Checkpoint SecureClient NGX Security Policy caneasily be d

["Ray P" <sixsigma98 () hotmail com>]

What version of SecureClient did you use?


> From: Viktor Steinmann <stony () stony com>
> To: full-disclosure () lists grok org uk
> Subject: [Full-disclosure] Checkpoint SecureClient NGX Security Policy 
> caneasily be disabled
> Date: Wed,  7 Dec 2005 12:54:02 +0100
>
> Situation: Employees should be allowed to access your company network from
> remote by VPN. You want to make sure, that only the hardware of your own
> company is allowed to access the network on the VPN. This because your 
> company
> hardware uses a hardened operating system (personal firewall, virusscanner
> etc.) and you want to make sure, that no viruses/trojans etc. are 
> transported
> into your company network by the VPN from badly configured hardware and/or 
> home
> networks of your employees.
>
> Solution: Checkpoint SecureClient enforces a policy on the VPN Client, 
> which you
> can define on the VPN Endpoint you log on to (the firewall). Furthermore
> SecureClient includes a personal firewall, which protects the VPN Client 
> from
> the network around him. Every time the VPN Client opens the VPN tunnel, the
> policy is updated, so you can be sure, that your policy is the latest one. 
> In
> the above situation, you would create a policy, which checks several
> parameters, to ensure the workstation is one of yours, e.g. check the 
> windows
> serial number, check a specific process which must be running, you could 
> even
> check the CPUID.
>
> Checkpoints Datasheet
> (http://www.checkpoint.com/products/downloads/vpn-1_clients_datasheet.pdf)
> says:
> "VPN-1 SecureClient strengthens enterprise security by ensuring client 
> machines
> cannot be configured to circumvent the enterprise security policy."
>
> So far, so good.
>
> Now we've found a way, to disable that security policy very easily (a 3 
> line
> batch is all it needs). This means, that people who have a login to your 
> VPN
> site can use whatever hardware they like. No secuity policy is enforced, no
> personal firewall is running - but the VPN part works.
>
> And now to the sugar part: The Procedure that makes it work:
>
> Step a) Download SecureClient from the Checkpoint Website
> Step b) Install SecureClient
> Step c) Connect to the VPN Endpoint (which will download the policy)
> Step d) Copy the downloaded policy (local.scv) to a different name (e.g. 
> x.scv)
> Step e) Shutdown SecureClient
> Step f) Create a Batch-File, that looks like this
>
> :Loop
> copy x.scv local.scv
> goto Loop
>
> Step g) Edit x.scv to suit your needs (so you fulfill the policy)
> Step h) Run your batch
> Step i) Start SecureClient
> Step j) Connect to the VPN Endpoint and be surprised, that this stupid 
> trick
> works...
>
> Cheers,
> Viktor
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/