VPNcheckpoint.txt

14 Dec 2005 | Reported by Viktor Steinmann | Type: packetstorm | Source: packetstormsecurity.com

Employees access the company network by VPN, and only company hardware is allowed for security reasons. Checkpoint SecureClient enforces a policy on the VPN client to prevent security circumvention. The advisory describes an easy procedure to disable that security policy.

Code
`Situation: Employees should be allowed to access your company network from  
remote by VPN. You want to make sure, that only the hardware of your own  
company is allowed to access the network on the VPN. This because your company  
hardware uses a hardened operating system (personal firewall, virusscanner  
etc.) and you want to make sure, that no viruses/trojans etc. are transported  
into your company network by the VPN from badly configured hardware and/or home  
networks of your employees.  
  
Solution: Checkpoint SecureClient enforces a policy on the VPN Client, which you  
can define on the VPN Endpoint you log on to (the firewall). Furthermore  
SecureClient includes a personal firewall, which protects the VPN Client from  
the network around him. Every time the VPN Client opens the VPN tunnel, the  
policy is updated, so you can be sure, that your policy is the latest one. In  
the above situation, you would create a policy, which checks several  
parameters, to ensure the workstation is one of yours, e.g. check the windows  
serial number, check a specific process which must be running, you could even  
check the CPUID.  
  
Checkpoint's Datasheet  
(http://www.checkpoint.com/products/downloads/vpn-1_clients_datasheet.pdf)  
says:  
"VPN-1 SecureClient strengthens enterprise security by ensuring client machines  
cannot be configured to circumvent the enterprise security policy."  
  
So far, so good.  
  
Now we've found a way, to disable that security policy very easily (a 3 line  
batch is all it needs). This means, that people who have a login to your VPN  
site can use whatever hardware they like. No security policy is enforced, no  
personal firewall is running - but the VPN part works.  
  
And now to the sugar part: The Procedure that makes it work:  
  
Step a) Download SecureClient from the Checkpoint Website  
Step b) Install SecureClient  
Step c) Connect to the VPN Endpoint (which will download the policy)  
Step d) Copy the downloaded policy (local.scv) to a different name (e.g. x.scv)  
Step e) Shutdown SecureClient  
Step f) Create a Batch-File, that looks like this  
  
:Loop  
copy x.scv local.scv  
goto Loop  
  
Step g) Edit x.scv to suit your needs (so you fulfill the policy)  
Step h) Run your batch  
Step i) Start SecureClient  
Step j) Connect to the VPN Endpoint and be surprised, that this stupid trick  
works...  
  
Cheers,  
Viktor  
  
`
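
A detection-side view of the overwrite loop described in the advisory above, added here as an example that is not part of the original advisory or of Check Point's software: it scans endpoint file-write telemetry for writes to `local.scv` that come from an unexpected process or arrive at loop-like frequency. The log format, the client binary name `vpnclient-placeholder.exe`, the paths and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

POLICY_FILE = "local.scv"                         # file name taken from the advisory
EXPECTED_WRITERS = {"vpnclient-placeholder.exe"}  # assumption: stand-in for the real client binary
WINDOW = timedelta(seconds=1)                     # assumption: sliding window size
MAX_WRITES = 3                                    # assumption: a policy download rewrites the file rarely

# Constructed endpoint telemetry: timestamp|writing process|target file
SAMPLE_EVENTS = """\
2005-12-14T09:00:00.000|C:\\vpn\\vpnclient-placeholder.exe|C:\\vpn\\local.scv
2005-12-14T09:05:00.000|C:\\Windows\\System32\\cmd.exe|C:\\vpn\\local.scv
2005-12-14T09:05:00.010|C:\\Windows\\System32\\cmd.exe|C:\\vpn\\local.scv
2005-12-14T09:05:00.020|C:\\Windows\\System32\\cmd.exe|C:\\vpn\\local.scv
2005-12-14T09:05:00.030|C:\\Windows\\System32\\cmd.exe|C:\\vpn\\local.scv
2005-12-14T09:05:01.000|C:\\Windows\\System32\\cmd.exe|C:\\vpn\\notes.txt
"""

def find_policy_tampering(log_text):
    """Return sorted (process, reason) findings for writes to the policy file."""
    recent = defaultdict(deque)  # process -> write timestamps inside the window
    findings = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, image, target = line.split("|")
        if basename(target).lower() != POLICY_FILE:
            continue  # only writes to the downloaded policy matter here
        proc = basename(image).lower()
        when = datetime.fromisoformat(stamp)
        if proc not in EXPECTED_WRITERS:
            findings.add((proc, "unexpected writer"))
        window = recent[proc]
        window.append(when)
        while when - window[0] > WINDOW:
            window.popleft()  # drop writes that fell out of the window
        if len(window) > MAX_WRITES:
            findings.add((proc, "rewrite loop"))
    return sorted(findings)

if __name__ == "__main__":
    for proc, reason in find_policy_tampering(SAMPLE_EVENTS):
        print(f"{proc}: {reason}")
```

The rate check still fires when the writing process carries an expected name, which covers a copy loop run from a renamed binary.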
