Updating IPS, SmartDefense, and Web Intelligence with the Latest Dynamic Defenses

Check Point Reference: SBP-2006-05
Date Published:
Severity:
Last Updated:
Source: SmartDefense Research Center
Protection Provided by: Security Gateway
  • R75
  • R71
  • R70
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
  • NGX R65
InterSpect
  • NGX
  • 2.0 and 1.x
Connectra
  • NGX R62
  • NGX R61
  • NGX
  • 2.0
IPS-1
  • IPS-1
Who is Vulnerable?
Security Gateway
VPN-1, InterSpect and Connectra modules
IPS-1
Vulnerability Description
SmartDefense dynamic updates are available to customers who have purchased the SmartDefense subscription service. Customers with a valid subscription license can choose the attacks to defend against, read detailed information about each attack, configure parameters for each attack defense (including logging options), receive real-time information on attacks, and update SmartDefense with new capabilities.

Keeping up-to-date with the latest SmartDefense defenses does not require up-to-the-minute technical knowledge. A single click on the Online Update button updates SmartDefense and Web Intelligence with all the latest defenses from the SmartDefense website.

Vulnerability Details
When you buy a SmartDefense subscription, you are given a license that enables you to download IPS/SmartDefense and Web Intelligence updates. IPS/SmartDefense and Web Intelligence updates are sent to your computer from one of the SmartCenter enforcement modules.

Protection Overview
In this section you can learn how to obtain the latest IPS/SmartDefense and Web Intelligence defenses for all Security Gateway, VPN-1, InterSpect, Connectra and IPS-1 versions.

To activate the downloaded IPS/SmartDefense updates, you must Install security policy (Policy > Install) in Security Gateway and VPN-1 modules or Activate Settings (Action > Activate Settings) in InterSpect modules.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R75

How Can I Protect My Network?
To obtain the latest IPS dynamic update:

1. In the IPS tab, click Download Updates.
2. In the configuration pane, under Download Updates, click Update Now.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When IPS detects an attack, a log is generated and appears in SmartView Tracker > Network & Endpoint Queries > Predefined Network Security Blades > IPS Blade All.

Security Gateway: R70/R71

How Can I Protect My Network?
To obtain the latest IPS dynamic update:

1. In the IPS tab, click Download Updates.
2. In the configuration pane, under Download Updates, click Online Update.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When IPS detects an attack, a log is generated and appears in SmartView Tracker > Network & Endpoint Queries > Predefined > Network Security Blades > IPS Blade > All.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. In the SmartDefense tree, click Download Updates.
3. In the configuration pane, under SmartDefense Services, click Online Update.
4. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

VPN-1 NGX R61

How Can I Protect My Network?
VPN-1 NGX R61 introduces the SmartDefense Services tab. The SmartDefense Services tab allows you to update all available products from a central location.

To obtain the latest SmartDefense dynamic update:

1. Click the SmartDefense Services tab; the Download Updates page opens.
2. Click Update Now.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Online Update.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Update Now.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
With VPN-1 NG with Application Intelligence R55 and VPN-1 VSX NGX, when SmartDefense detects an attack, SmartView Tracker usually logs a rule number. The rules will appear in SmartView Tracker > Log Queries > Predefined > SmartDefense. Note that for Check Point InterSpect and NG with Application Intelligence R55W, logged events are descriptive.

An example of a rule number: SmartView Tracker logged rule 92101, meaning 'Windows SMB Protection Violation: Buffer overflow attempt', advisory number CPAI-2005-111. All the rules can be found in the Secure Knowledge site under solution sk26226 titled 'SmartDefense dynamic Updates rule numbers and definitions'.

VPN-1 VSX NGX R65

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. In the SmartDefense tree, click Download Updates.
3. In the configuration pane, under SmartDefense Services, click Online Update.
4. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

VPN-1 VSX NGX

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Update Now.
3. Install security policy (Policy > Install).

How Do I Know if My Network is Under Attack?
With VPN-1 VSX NGX and VPN-1 NG with Application Intelligence R55, when SmartDefense detects an attack, SmartView Tracker usually logs a rule number. The rules will appear in SmartView Tracker > Log Queries > Predefined > SmartDefense. Note that for Check Point InterSpect and NG with Application Intelligence R55W, logged events are descriptive.

An example of a rule number: SmartView Tracker logged rule 92101, meaning 'Windows SMB Protection Violation: Buffer overflow attempt', advisory number CPAI-2005-111. All the rules can be found in the Secure Knowledge site under solution sk26226 titled 'SmartDefense dynamic Updates rule numbers and definitions'.

InterSpect NGX

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. On the navigation tree, select Profiles > SmartDefense Service; the SmartDefense Service page opens.
2. In the SmartDefense page, click Online Update.
3. Click Activate Settings.

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

InterSpect 2.0

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. Click the SmartDefense tab > General.
2. In the General page click Online Update.
3. Click Activate Settings.

How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.

Connectra NGX R62/R61

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. On the navigation tree, click Security > SmartDefense Updates.
2. In the Download updated content pane, enter your credentials and click Download Updates. You are informed that the SmartDefense content was updated successfully.
4. Click Install Policy.

How Do I Know if My Network is Under Attack?
To view event logs, go to SmartCenter and Logs > Traffic Log on the navigation tree.


Connectra NGX, 2.0

How Can I Protect My Network?
To obtain the latest SmartDefense update:

1. On the navigation tree, click Security > SmartDefense Service.
2. In the Download updated content pane, enter your credentials and click Download Updates. You are informed that the SmartDefense content is updated successfully.
3. Click Install Policy.

How Do I Know if My Network is Under Attack?
To view event logs, go to SmartCenter and Logs > Traffic Log on the navigation tree.

IPS-1

How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:

1. In the IPS-1 Management Dashboard toolbar, click Management > Policy.
2. In the IPS-1 Policy Manager, click on the Protection tab.
3. In the tree, click on Download Updates. In the IPS-1 SmartDefense Services pane, click Online Update.
4. Click on Install Policy.

How Do I Know if My Network is Under Attack?
When IPS-1 detects an attack, a log is generated and appears in the IPS-1 Management Alert Browser window.