Check Point Appliance Hardware (Lachmann List, Update January 23rd 2017)

 Security  Comments Off on Check Point Appliance Hardware (Lachmann List, Update January 23rd 2017)
Jan 232017
 

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I am continuing and extending the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingers please be so kind to issue these commands
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt
and sent the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list by time.

Updates:

  • CPU & Memory 1490 (Thanks to Christoph Murth)

Continue reading »

Using Python on Check Point Firewalls

 Security  1 Response »
Jan 212017
 

Have you ever been frustrated that simple scripting is a problem when doing things on your Check Point firewall? There is a reason why compilers and scripting tools are very limited on such devices. The less options a potential attacker finds to do harm with the better.

As far as I remember from different trainings Check Point uses a GCC compiler to build the policies. But this compiler is said to be stripped down to a large extent.

And there exists Python within GAiA. I would not suggest to use this Python on a gateway, but on a management server it could be very useful.

This is how you start python:

[Expert@cp2205:0]# $FWDIR/Python/bin/python
Python 2.7.3 (default, Jun 27 2012, 14:41:05)
[GCC 3.2.3 20030502 (Red Hat Linux 3.2.3-20)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
Python usage is limited in Check Point security gateway

The last line is true. We will see it in a few moments. Let’s try with a simple script: Continue reading »