Wednesday, June 15, 2016

An open letter to Check Point: App control and SCADA + offline updates

Dear Check Point,

Over the past 90 days I have been working on testing out Check Point's SCADA protections in the 1200R firewall. After seeing what is possible with just Modbus at CPX Chicago, I can hardly wait to see what else can be done!

There is just one problem. App control requires internet access.*

Check Point's solution for application control assumes the firewall (and/or the management server?) will have internet access. This presents a major problem for SCADA systems, many of which do not have internet access. OK, maybe some of them do, but let's ignore those for now.

So, to list the issues that remain stalemated:

  1. The 1200R doesn't seem to support offline updates without internet access. This is what I've been told, but I can't verify it since I can't seem to get the offline update package (yet). From what I understand, it has something to do with verifying the contract over the internet.
  2. You have to sign a new EULA to get access to an offline update package. Once you have, something happens (magic!) and then you gain access to the package. The rumblings I'm hearing are that it's a completely manual process to install them on the firewall. I'm guessing it's a tar file.
  3. Assuming issues 1 and 2 are resolved and worked into a process for updating, how will I know when a new package is out? The app wiki has no release dates on it. I also haven't found any place to get email alerts about signatures. I could be missing something here.
  4. Bonus points: why isn't there a SmartUpdate package I can download?

I had no idea what an uphill battle this would become. I've been working with many people on this issue. I also don't want to diminish all the help I've received, but this is a major problem that remains unresolved.

So I guess after calling this an open letter I should wrap this up.

Check Point, come on, there has to be a way to resolve this. Let's find it, move on, and start generating some really interesting reports!

