
SmartDefense Subscription Service Bulletin
February 2004

The SmartDefense Subscription Service enables licensed users to fully expand the functionality of Check Point SmartDefense®, available for NG firewalls running FP2 and above. Visit Check Point SmartDefense site.

For the highest level of protection against new and emerging threats, SmartDefense Subscription Service provides one-click, real-time automatic attack mitigation Updates, activated directly from within SmartDefense SmartDashboard®. For the comprehensive list of SmartDefense Updates, click here (ID and password required). Updates are available to licensed customers only. To obtain SmartDefense Updates, registered users are required to authenticate using their User Center credentials.

Check Point also publishes in-depth SmartDefense Advisories about different mitigation factors for attacks that can be blocked without a SmartDefense update. Licensed customers can access the list of full Advisories. Customers without a valid subscription license can access summaries of SmartDefense advisories, but can only update SmartDefense protections through the subscription service.

The list of Advisory Summaries is publicly available here.

Free Service Evaluation
Check Point users with a valid User Center account are automatically entitled to a free 30-day service trial. This will enable you to better assess the benefits of receiving timely SmartDefense Advisories and automatic Updates. Your evaluation period starts upon your first login to the SmartDefense restricted area. After you have been granted first-time access to the full Advisories section, you are added to the evaluation users list and will be able to receive dynamic Updates. To view the full advisories, go to Advisory summaries and select the advisory of your choice. At the bottom of each Advisory, you will be offered the option to Read the Full Advisory and Solution (ID and password required). To receive the Updates, press the Update Now button in the upper right pane of FireWall-1 SmartDashboard.

For further information about the service, visit our newly added Frequently Asked Questions section at SmartDefense Subscription Service FAQ.

How to Subscribe
SmartDefense Update and Advisory licenses can be obtained from Check Point resellers. For further information on how to purchase the service, click here. Registered users are required to authenticate using their User Center credentials. For more information about creating User Center accounts, click here.

InterSpect includes a version of SmartDefense customized for internal network security that allows administrators to configure, enforce and update all network and application attack defenses. SmartDefense I provides enhanced protection capabilities including:

Port Scanning
Host Port Scan. SmartDefense I tracks port usage of a specific host on the network to determine which ports are open on that specific host. This scan is aimed at detecting which ports on which hosts are normally inactive, to prevent malicious attacks through these ports.

IP Sweep Scans. SmartDefense I tracks port usage throughout the network and learns which ports on which hosts are typically inactive. An IP sweep scan is detected if an inactive port is targeted by more than a certain number of hosts over a certain amount of time.
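The detection rule described above, sketched as an added example (not Check Point's code): a learning phase records which host/port pairs carry traffic, then a sliding window counts distinct hosts targeting a port that was never seen active. The record layout `(timestamp, source, destination, port)`, the threshold of 3 hosts and the 60-second window are assumptions, since the bulletin gives no concrete values, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

# Assumed values: the bulletin only says "a certain number of hosts"
# over "a certain amount of time".
MAX_SOURCES = 3
WINDOW_SECONDS = 60

def learn_active_ports(baseline):
    """Learning phase: every (host, port) pair seen in baseline traffic is active."""
    return {(dst, port) for _ts, _src, dst, port in baseline}

def detect_inactive_port_probes(events, active,
                                max_sources=MAX_SOURCES, window=WINDOW_SECONDS):
    """Alert once per inactive (host, port) when more than max_sources
    distinct hosts target it within `window` seconds."""
    recent = defaultdict(deque)          # (dst, port) -> deque of (ts, src)
    alerted, alerts = set(), []
    for ts, src, dst, port in sorted(events):
        key = (dst, port)
        if key in active:                # normal traffic to a known-active port
            continue
        q = recent[key]
        q.append((ts, src))
        while q and ts - q[0][0] > window:   # drop probes older than the window
            q.popleft()
        sources = {s for _t, s in q}
        if len(sources) > max_sources and key not in alerted:
            alerted.add(key)
            alerts.append((ts, dst, port, sorted(sources)))
    return alerts

# Constructed sample records: (timestamp_seconds, source, destination, port)
BASELINE = [
    (0, "10.0.0.5", "10.0.0.20", 80),
    (5, "10.0.0.6", "10.0.0.20", 443),
    (9, "10.0.0.5", "10.0.0.21", 25),
]
LIVE = [
    (100, "10.0.0.5", "10.0.0.20", 80),    # active port, ignored
    (101, "10.0.0.31", "10.0.0.20", 135),
    (110, "10.0.0.32", "10.0.0.20", 135),
    (120, "10.0.0.33", "10.0.0.20", 135),
    (130, "10.0.0.34", "10.0.0.20", 135),  # fourth distinct source inside 60 s
    (300, "10.0.0.35", "10.0.0.21", 135),  # single probe, below threshold
]

if __name__ == "__main__":
    for alert in detect_inactive_port_probes(LIVE, learn_active_ports(BASELINE)):
        print("inactive-port alert:", alert)
```

Running the same rule in a log-only fashion first, as the Monitor Only mode described later allows, is a practical way to tune the two thresholds before enforcing.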

Peer-to-Peer
InterSpect blocks Peer to Peer traffic by identifying the proprietary protocols and preventing the initial connection to the Peer to Peer networks. New Peer to Peer protection code is now available with Updates, which enables SmartDefense to block key P2P applications including Kazaa, Gnutella, eMule, Skype, and BitTorrent.

Monitor Only mode
All InterSpect protections can be configured in Monitor Only mode. Monitor Only mode makes it possible to audit network traffic for suspicious behavior without actively applying any security policies to the traffic flow.

Quarantine
InterSpect can identify suspicious or infected computers on the network and can be configured to do the following:

  • Quarantine suspicious or infected zones
  • Quarantine unpatched servers during security patch management
  • Isolate attacks and compromised devices.

CPAI-2004-08, 26-February-2004
Category: NetSky.C worm
Vulnerable Systems: Windows 95, 98, ME, NT, 2000 and XP
References: TrendMicro

CPAI-2004-07, 19-February-2004
Category: Microsoft ASN.1 Remote Code Execution
Vulnerable Systems: Microsoft Windows Platforms
References: eEye Security

CPAI-2004-06, 18-February-2004
Category: Nachi_C worm
Vulnerable Systems: Windows 2000, XP
References: TrendMicro

CPAI-2004-04, 09-February-2004
Category: Serv-U FTP Server Stack Overflow
Vulnerable Systems: Serv-U versions prior to 4.2
References: SecuriTeam

CPAI-2004-05, 09-February-2004
Category: Soulseek Peer-to-Peer
Vulnerable Systems: Customers running Soulseek P2P clients
References: F-Secure

Update Number 540040229, 29-February-2004
Category: MS ASN.1 Bitstring over HTTP and SMTP protection
Description: Protection against MS ASN.1 BitString attacks (MS04-007) (R55, InterSpect). This protection is enabled for SMB, CIFS, Kerberos, LDAP and DCE-RPC protocols, running over TCP or UDP.

Update Number 540040223, 18-February-2004
Category: Update Apache pattern, MS-ASN.1 Bitstring (VPN-1 NG with Application Intelligence R55)
Description: Updated patterns for Apache HTTP vulnerabilities to provide enhanced performance.

Update Number 547040223, 18-February-2004
Category: Update Apache pattern
Description: Updated patterns for Apache HTTP vulnerabilities for InterSpect to sustain improved performance.

Update Number 540000036, 01-February-2004
Category: Soulseek P2P application protection
Description: This new protection is added to the existing list of Peer to Peer applications and can monitor, block and quarantine nodes running the peer to peer Soulseek application.

Further Information about SmartDefense Subscription Service Updates and Advisories

SmartDefense Subscription Service Updates
For the highest level of protection against emerging or unknown threats, Check Point provides SmartDefense Subscription customers with frequent attack mitigation updates. Subscribing customers get one-click, automatic SmartDefense Updates from within SmartDashboard. When Check Point publishes an update, the SmartCenter management server retrieves new signature patterns, protocol definitions and attack mitigation solutions from Check Point and distributes them to enforcement modules.

Examples of such updates include:

  • New SmartDefense components
  • Enhancements to new INSPECT scripts
  • New services

SmartDefense Subscription Service Advisories
SmartDefense Advisories provide technical information and mitigation methods against newly discovered vulnerabilities and exploits. SmartDefense Advisories may include patches to mitigate specific attacks as well as SCV checks.

*A free 1-year SmartDefense Subscription Service is included with InterSpect.

Check Point SmartDefense blocked attack information available here.
Check Point SmartDefense technical information available here.
Check Point SmartDefense general information available here.

As always, please feel free to contact us directly if you have any comments or questions (sda-info@CheckPoint.com).


Copyright (c) 2004 Check Point Software Technologies LTD