Threat Emulation with HTTP(S) Traffic

Nov 18, 2016

SandBlast is wonderful

In my humble opinion, SandBlast Threat Emulation is one of the most effective software blades Check Point has ever built. I saw it rescuing some customers' asses at the zenith of Locky & Co.

It is very smart with SMTP and filters out malicious mails in a wonderful way. Nearly one year ago one of our customers was under heavy attack, with malicious PDFs coming in to about 1,500 different end users within 10 minutes. The file hash was changing nearly every fifth file. I could easily spot this in SmartLog.

Nothing bad happened to the customer besides a period of mail congestion; every little piece of malware was sorted out by Check Point SandBlast Threat Emulation. Wonderful, really wonderful.

Check Point Appliance Hardware (Lachmann List, Update November 17th 2016)

Nov 17, 2016

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I will try to continue and extend the list for the new appliances, and for that I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands on it (the first writes the CPU details to a new file, the second appends the memory details to the same file):

cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt, with the appliance type as the subject, to lachmannlist@fink.sh. I will try to update the list from time to time.

Updates:

  • CPU 5200 (Thanks to Magnus Holmberg)
  • CPU 3200 (Thanks to Thomas R.)
  • CPU/Mem TE2000X HPP (Christoph Murth)


How to implement a cache?

Nov 01, 2016

Today I learned something astonishing about cache implementation.

What I thought before: When I have a cache with 20,000 entries and it fills up, I would define two marks. Let's call them "high watermark" and "low watermark". When the number of entries reaches the high watermark, I start to delete the least-used entries until the count drops to the low watermark. Let's call this process "garbage collection" from here on.
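The watermark scheme described above, as an added Python example (this is not the post's own code; the class, its names and the choice of "least recently used" as the meaning of "most unused" are this example's assumptions). It shows the point of two marks: eviction runs as a batch from the high mark down to the low mark, not once per insert.

```python
from collections import OrderedDict


class WatermarkCache:
    """Cache that garbage-collects least-recently-used entries in a batch.

    When the entry count reaches ``high`` (the high watermark), the least
    recently used entries are deleted until only ``low`` entries (the low
    watermark) remain.  Hypothetical class written for this example.
    """

    def __init__(self, high=20_000, low=15_000):
        if not 0 < low < high:
            raise ValueError("need 0 < low < high")
        self.high = high
        self.low = low
        self._data = OrderedDict()   # iteration order == recency order (oldest first)
        self.evictions = 0           # total entries removed by garbage collection
        self.collections = 0         # how many times garbage collection ran

    def get(self, key, default=None):
        if key not in self._data:
            return default
        self._data.move_to_end(key)  # a hit makes the entry most recently used
        return self._data[key]

    def put(self, key, value):
        if key in self._data:
            self._data.move_to_end(key)
        self._data[key] = value
        if len(self._data) >= self.high:
            self._collect_garbage()

    def _collect_garbage(self):
        # Pop from the least-recently-used end until the low watermark is reached.
        self.collections += 1
        while len(self._data) > self.low:
            self._data.popitem(last=False)
            self.evictions += 1

    def __len__(self):
        return len(self._data)

    def __contains__(self, key):
        return key in self._data
```

With high=20,000 and low=15,000 a collection runs only every 5,000 inserts, which is the whole reason for keeping two marks instead of one.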