Full Disclosure mailing list archives
RE: Checkpoint SecureClient NGX Security Policy can easily be d
From: "Ray P" <sixsigma98 () hotmail com>
Date: Thu, 08 Dec 2005 03:36:39 +0000
What version of SecureClient did you use?
From: Viktor Steinmann <stony () stony com>
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Checkpoint SecureClient NGX Security Policy can easily be disabled
Date: Wed, 7 Dec 2005 12:54:02 +0100

Situation: Employees should be allowed to access your company network from remote by VPN. You want to make sure, that only the hardware of your own company is allowed to access the network on the VPN. This is because your company hardware uses a hardened operating system (personal firewall, virus scanner etc.) and you want to make sure, that no viruses/trojans etc. are transported into your company network by the VPN from badly configured hardware and/or home networks of your employees.

Solution: Checkpoint SecureClient enforces a policy on the VPN Client, which you can define on the VPN Endpoint you log on to (the firewall). Furthermore SecureClient includes a personal firewall, which protects the VPN Client from the network around him. Every time the VPN Client opens the VPN tunnel, the policy is updated, so you can be sure, that your policy is the latest one. In the above situation, you would create a policy, which checks several parameters, to ensure the workstation is one of yours, e.g. check the windows serial number, check a specific process which must be running, you could even check the CPUID.

Checkpoint's Datasheet (http://www.checkpoint.com/products/downloads/vpn-1_clients_datasheet.pdf) says: "VPN-1 SecureClient strengthens enterprise security by ensuring client machines cannot be configured to circumvent the enterprise security policy."

So far, so good.

Now we've found a way, to disable that security policy very easily (a 3 line batch is all it needs). This means, that people who have a login to your VPN site can use whatever hardware they like. No security policy is enforced, no personal firewall is running - but the VPN part works.

And now to the sugar part: The Procedure that makes it work:

Step a) Download SecureClient from the Checkpoint Website
Step b) Install SecureClient
Step c) Connect to the VPN Endpoint (which will download the policy)
Step d) Copy the downloaded policy (local.scv) to a different name (e.g. x.scv)
Step e) Shutdown SecureClient
Step f) Create a Batch-File, that looks like this

    :Loop
    copy x.scv local.scv
    goto Loop

Step g) Edit x.scv to suit your needs (so you fulfill the policy)
Step h) Run your batch
Step i) Start SecureClient
Step j) Connect to the VPN Endpoint and be surprised, that this stupid trick works...

Cheers,
Viktor

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Checkpoint SecureClient NGX Security Policy can easily be disabled Viktor Steinmann (Dec 07)
- Re: Checkpoint SecureClient NGX Security Policy can easily be disabled Joachim Schipper (Dec 07)
- RE: Checkpoint SecureClient NGX Security Policy can easily be d Ray P (Dec 07)