|
News
28th March
PureSecured goes LIVE! The new PureSecured site, along with the
new set of PureSecured Service offerings, is now released. The
new offerings provide a complete set of security management services
to all sizes and levels:
PureSecured SMS (Server Management Service): Aimed at sites where
the IT staff may to too busy to consistently complete standard
firewall management and maintenance tasks, the SMS service performs
a standard roster of “best-practice” security management
and monitoring activities along with log analysis, backups and
“human readable” reporting. This keeps your security
and IT systems running optimally and allows your IT staff to focus
on pro-active Security Management tasks.
PureSecured SOS (Security Overseer Service) : PureSecured SOS
is an innovative approach to security auditing and rulebase management.
SOS provides a “virtual” security overseer to your
business, which watches and monitors all changes made to your
security system for security policy compliance. This ensures that
your IT Security Policy maintains relevance to your organisation
and provides a continuous audit solution. SOS also provides a
valuable set of rulebase analysis reports which allow you to optimise
and control the complexity of your rulebase.
PureSecured Enterprise : PureSecured Enterprise provides a full
outsourced firewall security management solution. All the elements
of the SMS and SOS solutions are included, as well as an easy
to use firewall change management methodology and system designed
to allow you to use security as an enforcement point for better
IT business practices.
All plans utilise the PureSecured secure end-to-end encrypted
communication system, and provide back-end security support and
expertise from the most knowledgeable Check Point Resources available
in ANZ. Refer to the Services section on the Website for more
information.
27th March
A new SmartDefense Update has been released today, March 27,
2006 for users of VPN-1 NGX and VPN-1 NG with Application Intelligence
R55 & R55W. Puresecured customers with SmartDefense Subscriptions
will have these updates performed in the next activity window.
Microsoft Internet Explorer (IE) fails to properly handle the
createTextRange() DHTML method, potentially allowing a remote
attacker to execute arbitrary code if the attacker has convinced
a user to open a specially crafted Web page. For more information,
read CPAI-2006-033 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-27-Mar.html.
Note: Depending on the traffic mix, activating this update may
result in performance degradation. This shall be initially installed
in Monitor-Only mode to track performance impact and false-positives.
26th March
Smart Defense Updates - new SmartDefense Updates were published
today, March 26, 2006 for users of VPN-1 NGX R61 & R60, VPN-1
NG with Application Intelligence R55. Puresecured customers with
SmartDefense Subscriptions will have these updates performed in
the next activity window.
The following protections have been released:
Risk Assessment : Low
Enhancement to Microsoft Windows Media Player vulnerability (MS06-005):
A flaw was reported in Windows Media Player versions 7.1 through
10 because of the way that it handles bitmap files (.bmp). The
protection blocks malformed BMP files that could potentially allow
remote code execution. A Strict Enforcement option allows for
a less permissive approach that will identify malicious BMP files
and check them for the MS06-005 vulnerability, even when the file
has not been entirely identified as a BMP file. This will block
possible additional variations of this attack, but may result
in a certain amount of false positives, depending on the traffic.
For more information, read CPAI-2006-016 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-14-Feba.html
Due to the risk of False positives and performance issues, it
is recommended that this be phased in through a monitor-only mode
first, to determine impact. WMP should generally be disabled or
act through a proxy service.
Risk Assessment : Low
Protection against FreeBSD NFS Mount Request Denial of Service:
A vulnerability was detected in the way the NFS server handles
incoming RPC messages via TCP. By sending RPC messages to an affected
FreeBSD system, a remote attacker may crash the FreeBSD system.
The update blocks the malformed NFS requests as well as similar
requests for other RPC over TCP services. For more information,
read CPAI-2006-032 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-05-Mar.html
Risk Assessment : Medium
Oracle Report File Overwrite/Oracle Report Directory Traversal
Protection:
Oracle Reports is a reporting tool that generates data from multiple
sources and converts the information into a formatted report.
Several vulnerabilities were reported in Oracle Reports server
which can be exploited to compromise an affected system. The Update
enables the HTTP Worm Catcher to detect and block the vulnerability
based on pre-defined worm signatures. For more information, read
CPAI-2006-030 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-09-Mara.html
Risk Assessment : Medium
IBM Tivoli Access Manager Directory Traversal Protection: The
Update enables the HTTP Worm Catcher to detect and block the vulnerability
based on pre-defined worm signatures. For more information, read
CPAI-2006-031 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-07-Mar.html
Risk Assessment : Low
Cisco IOS CDP Status Page Code Injection Protection: A vulnerability
exists in the IOS HTTP server. Only Cisco products that run Cisco
IOS Software versions 11.0 through 12.4 with the HTTP server enabled
are affected. The Update enables the HTTP Worm Catcher to detect
and block the vulnerability based on pre-defined worm signatures.
For more information, read CPAI-2006-028 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-08-Mar.html
It is recommended that the HTTP browser interface for all Cisco
devices be turned off by default.
Risk Assessment : High (or based on company IM access policy)
Google Talk via Gmail Web Interface Protection: Google Talk is
an application used to call or send instant messages for Microsoft
Windows operating systems. Instant messaging applications may
risk an organization's security in the following ways:
- Vulnerabilities in IM applications could be exploited to compromise
a user's system (i.e. MSN Messenger PNG image processing).
- An important capability of IM is file transfer that could
be exploited by worms to infect a user's system.
- Using voice data along with file transfers may result in
excessive bandwidth utilization.
SmartDefense allows you to block Google Talk on standard and
non-standard ports as well as to block its Web interface. For
more information, read CPSA-2006-02 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpsa-14-Mar.html
Risk Assessment : High (if using this software) ezDatabase Remote
File Inclusion Protection: ezDatabase is a Web based application
designed for creating online databases. A vulnerability in ezDatabase
allows remote attackers to execute arbitrary PHP code via several
parameters. The Update enables the HTTP Worm Catcher to detect
and block the vulnerability based on pre-defined worm signatures.
For more information, read CPAI-2006-026 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-19-Mar.html
Risk Assessment : High
Trojan Spy Goldun.de Protection: The update blocks the vulnerability
based on a unique HTTP header pattern. For more information, read
CPAI-2006-025 at:
http://www.checkpoint.com/defense/advisories/public/2006/cpai-06-Mar.html
2nd March
SmartDefense Updates – Several new SmartDefense Updates
were published for users of VPN-1 NGX R60, VPN-1 NG with Application
Intelligence R54, R55 & R55W, and users of InterSpect NGX
& 2.0. Puresecured customers with SmartDefense Subscriptions
will have these updates performed in the next activity window.
The following protections were added:
Risk Assessment : HIGH
Microsoft Windows Web Client Service Protection (MS06-008): For
more information, refer to
CPAI-2006-018 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-19-Feb.html.
Risk Assessment : MEDIUM
Microsoft Windows EMF/WMF Protection (MS06-004): For more information,
refer to CPAI-2006-020 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-18-Feb.html.
13th February 2006
Several new SmartDefense Updates were published today, February
12, 2006 for users of VPN-1 NGX R60, VPN-1 NG with Application
Intelligence R54, R55 & R55W, and users of InterSpect NGX
& 2.0. Puresecured customers with SmartDefense Subscriptions
will have these updates performed in the next activity window.
The following protections were added:
Risk Assessment : LOW/MEDIUM
Apache Format String Vulnerability Protection: For more information,
refer to
CPAI-2006-014 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-08-Feb.html.
Risk Assessment : LOW
Microsoft Windows EOT Files Protection (MS06-002): For more information,
refer to CPAI-2006-010 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-30-Jan.html.
Risk Assessment : MEDIUM/HIGH
PHP-based Vulnerabilities Protection: For more information, refer
to CPAI-2006-011 at http://www.checkpoint.com/defense/advisories/public/2006/cpai-23-Jan.html.
Risk Assessment : LOW
HP OpenView Command Execution Protection : For more information,
refer to CPAI-2006-012 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-19-Jan.html.
Risk Assessment : MEDIUM
Oracle XDB HTTP Buffer Overflow Protection: For
more information, refer to CPAI-2006-013 at
http://www.checkpoint.com/defense/advisories/public/2006/cpai-07-Feb.html.
Risk Assessment : MEDIUM
Oracle XDB FTP Protection: For
more information, refer to
http://www.checkpoint.com/defense/advisories/public/2006/cpai-08-Febb.html.
<< back to main
|
