Updating SmartDefense and Web Intelligence with the Latest Dynamic Defenses
| Check Point Reference: | SBP-2006-05 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? VPN-1, InterSpect and Connectra modules IPS-1 | ||
| Vulnerability Description SmartDefense dynamic updates are available to customers who have purchased the SmartDefense subscription service. Customers with valid subscription license can choose the attacks to defend against, read detailed information about the attack, configure parameters for each attack defense, including logging options, receive real-time information on attacks, and update SmartDefense with new capabilities. Keeping up-to-date with the latest SmartDefense defenses does not require up-to-the-minute technical knowledge. A single click on the Online Update button updates SmartDefense and Web Intelligence with all the latest defenses from the SmartDefense website. |
||
|
Vulnerability Details When you buy a SmartDefense subscription, you are given a license that enables you to download SmartDefense and Web Intelligence updates. SmartDefense and Web Intelligence updates are sent to your computer from one of the SmartCenter enforcement modules. |
Protection Overview
In this section you can learn how to obtain the latest SmartDefense and Web Intelligence defenses for all VPN-1, InterSpect, Connectra and IPS-1 versions.
To activate the downloaded SmartDefense updates, you must Install security policy (Policy > Install) in VPN-1 modules or Activate Settings (Action > Activate Settings) in InterSpect modules.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. In the SmartDefense tree, click Download Updates.
3. In the configuration pane, under SmartDefense Services, click Online Update.
4. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
VPN-1 NGX R61
How Can I Protect My Network?
VPN-1 NGX R61 introduces the SmartDefense Services tab. The SmartDefense Services tab allows you to update all available products from a central location.
To obtain the latest SmartDefense dynamic update:
1. Click the SmartDefense Services tab; the Download Updates page opens.
2. Click Update Now. 
3. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Online Update.
3. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack, a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
VPN-1 NG with Application Intelligence R55/R54
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Update Now. 
3. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
With VPN-1 NG with Application Intelligence R55 and VPN-1 VSX NGX, when SmartDefense detects an attack, SmartView Tracker usually logs a rule number. The rules will appear in SmartView Tracker > Log Queries > Predefined > SmartDefense. Note that for Check Point InterSpect and NG with Application Intelligence R55W, logged events are descriptive.
An example of a rule number: SmartView Tracker logged rule 92101, meaning 'Windows SMB Protection Violation: Buffer overflow attempt', advisory number CPAI-2005-111. All the rules can be found in the Secure Knowledge site under solution sk26226 titled 'SmartDefense dynamic Updates rule numbers and definitions'.
VPN-1 VSX NGX R65
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the SmartDashboard toolbar, click the SmartDefense tab.
2. In the SmartDefense tree, click Download Updates.
3. In the configuration pane, under SmartDefense Services, click Online Update.
4. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
VPN-1 VSX NGX
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the SmartDeashboard toolbar, click the SmartDefense tab.
2. Click the General page and then click Update Now.
3. Install security policy (Policy > Install).
How Do I Know if My Network is Under Attack?
With VPN-1 VSX NGX and VPN-1 NG with Application Intelligence R55, when SmartDefense detects an attack, SmartView Tracker usually logs a rule number. The rules will appear in SmartView Tracker > Log Queries > Predefined > SmartDefense. Note that for Check Point InterSpect and NG with Application Intelligence R55W, logged events are descriptive.
An example of a rule number: SmartView Tracker logged rule 92101, meaning 'Windows SMB Protection Violation: Buffer overflow attempt', advisory number CPAI-2005-111. All the rules can be found in the Secure Knowledge site under solution sk26226 titled 'SmartDefense dynamic Updates rule numbers and definitions'.
InterSpect NGX
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. On the navigation tree, select Profiles > SmartDefense Service; the SmartDefense Service page opens. 
2. In the SmartDefense page, click Online Update.
3. Click Activate Settings.
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
InterSpect 2.0
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. Click the SmartDefense tab > General.
2. In the General page click Online Update.
3. Click Activate Settings.
How Do I Know if My Network is Under Attack?
When SmartDefense detects an attack a log is generated and appears in SmartView Tracker > Log Queries > Predefined > SmartDefense.
Connectra NGX R62/R61
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. On the navigation tree, click Security > SmartDefense Updates. 
2. In the Download updated content pane, enter your credentials and click Download Updates. You are informed that the SmartDefense content was updated successfully. 
4. Click Install Policy.
How Do I Know if My Network is Under Attack?
To view event logs, go to SmartCenter and Logs > Traffic Log on the navigation tree. 
Connectra NGX, 2.0
How Can I Protect My Network?
To obtain the latest SmartDefense update:
1. On the navigation tree, click Security > SmartDefense Service.
2. In the Download updated content pane, enter your credentials and click Download Updates. You are informed the the SmartDefense content is updated successfully.
3. Click Install Policy.
How Do I Know if My Network is Under Attack?
To view event logs, go to SmartCenter and Logs > Traffic Log on the navigation tree.
IPS-1
How Can I Protect My Network?
To obtain the latest SmartDefense dynamic update:
1. In the IPS-1 Management Dashboard toolbar, click Management > Policy.
2. In the IPS-1 Policy Manager, click on the Protection tab.
3. In the tree, click on Download Updates. In the IPS-1 SmartDefense Services pane, click Online Update.
4. Click on Install Policy.
How Do I Know if My Network is Under Attack?
When IPS-1 detects an attack a log is generated and appears in the IPS-1 Management Alert Browser window.