Software

Fix for Checkpoint VPN tunneling Option being grayed out on Check Point Endpoint Security Client

I noticed that my Windows VPN client on my computer was forcing all traffic through the gateway of my VPN endpoint. Something that in most cases would be find however this limited my ability to access local network resources in addition to browsing the internet via my local internet provider (Split Tunneling).

What I soon noticed was that I could not remove the setting that encrypted all traffic, routing it to the gateway

To make these changes to the client the following needs to be done.

Step 1: Modify configuration allowing for trac.config to be edited as its obscured for security purpose.

  1. Exit the Check Point Endpoint Security Client
  2. Stop the “Check Point Endpoint Security” service
  3. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.defaults

Change the top line from:

OBSCURE_FILE INT 1 GLOBAL 0

to

OBSCURE_FILE INT 0 GLOBAL 0

Step 2:

  1. Start the “Check Point Endpoint Security” service
  2. Start the Check Point Endpoint Security client
  3. Verify that the c:\program files (x86)\checkpoint\endpoint connect\trac.config file is de-obscured.
  4. Shutdown the Check Point Endpoint Security Client
  5. Stop the “Check Point Endpoint Security” service
  6. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.config

Search and edit the following line:

From: <PARAM neo_route_all_traffic_through_gateway=”false”></PARAM>

To: <PARAM neo_route_all_traffic_through_gateway=”true”></PARAM>

Step 3:

  1. Delete c:\program files (x86)\checkpoint\endpoint connect\trac.config.bak
  2. Start the “Check Point Endpoint Security” service
  3. Start the Check Point Endpoint Security Client

Notes: Pros and Cons of Split VPN you should know about

Pros

If you are going to split tunnel, then you are going to reduce the overall bandwidth impact on your Internet circuit. Only the traffic that needs to come over the VPN will, so anything a user is doing that is not “work related” will not consume bandwidth. In addition, anything external to your network that is also latency sensitive will not suffer from the additional latency introduced by tunneling everything over the VPN to the corporate network. Users will get the best experience in terms of network performance, and the company will consume the least bandwidth.

Cons

If security is supposed to monitor all network traffic, and protect users from malware and other Internet threats by filtering traffic, users who are split tunneling will not get this protection and security will be unable to monitor traffic for threats or inappropriate activity. Traffic to websites that use HTTPS will still be protected, but other traffic will be vulnerable.

Ref: https://www.cpug.org/forums/archive/index.php/t-14545.html

Check Point 600 Appliance Software Blade Stuck in Updating status

Recently I had a chance to get my hands on this excellent Firewall by Checkpoint. And as you know not everything goes perfectly, and this is where you get a chance to learn how it works, while you fix.

I encountered an issue where one of the Threat Prevention Blades was stuck in updating mode for several hours. I had logged into the appliance via SSH to view to CPU utilization and observed nothing which would indicate an issue.

I started thinking about what events occurred which may have caused this. So I looked at the auto update schedule for the blades and noticed that all 3 blades where set to upgrade simultaneously.

I have observed that these updated can causes very high consumption of CPU and which that perhaps the blade with the issue became stuck in an upgrading status.

To address this situation, I issued the update command from the CLI :

  1. Log into the firewall via SSH
  2. Enter into expert mode by typing ‘expert’ in the CLI – You will be asked for your expert password. Once in export you will be in a standard Linux bash prompt.
  3. Run the following while in expert mode depending on which update you require:
  • Anti-Virus Blade: [Expert@jermsmit.com]# online_update_cmd -b AV -o update
  • IPS Blade: [Expert@jermsmit.com]# online_update_cmd -b IPS -o update
  • Application Control Blade: [Expert@jermsmit.com]# online_update_cmd -b APPI -o update

 

Now return and refresh your webUI and you should notice that the blade(s) that were once stuck in the upgrading status are now showing up to date.

Quick How To Share a Document with OneDrive for Business


You can share file(s): Documents and such with Onedrive for Business

1.      In the file list, right-click a document, or select a document and then select Share.

2.      Select Get a link.

3.      Choose who to share with, and if they can view or edit the file.

4.      To share with people inside your organization, choose:

5.      View link – account required – people inside your organization can view, copy, or download the document.

6.      Edit link – account required – people inside your organization can edit, copy, or download the document.

7.      To share with people outside your organization, choose:

8.      View link – no sign-in required – people outside your organization can view, copy, and download the document.

9.      Edit link – no sign-in required – people outside your organization can edit, copy, and download the document.

10.  For external links, select SET EXPIRATION, and choose when you want the link to expire.

11.  Click Copy and paste the link in an email or post it.

Note: Links created that don’t require a sign-in can be opened by anyone, so make sure the content can be shared publicly. Consult your Corporate Information Security Policy and IT if needed.

Note: Sharing of folders is not possible at this time.

Exchange Remote PowerShell Broken in Windows 10 Anniversary Update

So you updated to Windows 10 Anniversary and now have found yourself unable to connect to a remote PowerShell sessions. I noticed this in my management of Exchange Online in Office 365 after upgrading to Windows 10 version 1607 aka Anniversary Edition.

In my attempts to connect, as I have done in the past: http://jermsmit.com/azure-active-directory-module-for-windows-powershell-how-to-connect/ I encountered a error message:

 

Later comparing this with my down-level installs of Windows 10 and Server 2012 R2 this issue does not exist. So what changed?

It seems that the version of PowerShell which was updated may have something to do with this issue. This is when I attempted to run PowerShell in a down-level mode.

This is done by issuing the following command in an elevated command prompt (Run As Administrator): PowerShell.exe -Version 2.0

From this point we can now connect without issue.

Hope this helps

Dangerous 7-Zip flaws put many other software products at risk | PCWorld

The flaws could allow arbitrary code execution when the 7-Zip library processes specially crafted files

Code reuse makes it hard to keep track of vulnerabilities
Credit: IDGNS

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library.

The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco’s Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.

The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.

“7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today,” the Cisco Talos researchers said in a blog post. “Users may be surprised to discover just how many products and appliances are affected.”

A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it.

The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip’s handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.

To exploit the flaws, attackers can craft specially crafted files in those formats and deliver them in a way that would cause the vulnerable 7-Zip code to process them.

http://www.pcworld.com/article/3069975/dangerous-7-zip-flaws-put-many-other-software-products-at-risk.html