CCMA's blog (feed updated 2024-03-18T17:55:21.735+01:00). This is a professional blog of a Check Point Certified Master Architect (CCMA).
It does not represent the position of my current employer. Valeri Loukine, http://www.blogger.com/profile/11915389342131738939
Check Point Research Leak - Universe Is A Simulation (published 2021-04-01T08:44:00.000+02:00, updated 2021-04-01T08:44:33.242+02:00)
<p> <a href="https://research.checkpoint.com/wp-content/uploads/2021/03/code.jpg" style="clear: left; display: inline; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="454" data-original-width="800" height="182" src="https://research.checkpoint.com/wp-content/uploads/2021/03/code.jpg" width="320" /></a></p>
<p>According to unpublished documents, the <a href="https://research.checkpoint.com/">Check Point Research, a.k.a. CP&lt;R&gt;,</a> division stumbled upon unequivocal proof that <b>we are living in a digital simulation</b>. </p>
<p>One of the researchers, <a href="https://www.linkedin.com/in/uval-kerby-16108720a/">Uval Kerby</a>, has decided to blow the whistle on an accidental discovery of that fact. He reached out to me last week, and I have no other option but to publish what he told me. To keep it simple, I am just posting the transcript of my phone call with Uval. Here we go (and you do want to sit down before continuing):<br /><br /><b>Author</b>: Uval, hi. How are you doing?</p>
<p><b>Uval</b>: Thanks, I am doing fine. I have only about 10 minutes, so let's just go to the main subject.</p>
<p><b>Author</b>: Sure, although, I have to admit, I have a hard time with the whole idea. Your email said you have proof the world is a simulation, right? So what, are we all living in the Matrix, like in the movie?</p>
<p><b>Uval</b>: No, not like in the movie. The Matrix means there is a physical world outside of the simulation, and one can exit from the artificial construct into reality. That is not our case. We are all trapped in the simulation, and the boundaries are impenetrable for us. </p>
<p><b>Author</b>: Right... In your email, you mentioned the work of <a href="https://www.simulation-argument.com/simulation.html">Nick Bostrom</a>, where he basically debunks the simulation theory, saying even if it is true, we do not have any practical means to prove it. Then, how come?</p>
<p><b>Uval</b>: Bostrom is good, and the work you are quoting is quite compelling. Before him, by the way, the same idea was contemplated by the Mayans, the Ancient Greeks and even Rene Descartes. To prove you are in a simulation, you have to step out of that simulation. Like any character in your favourite computer game, you cannot do that, ever. But there is a catch. Bostrom, and any other philosophers, are/were not coders. </p>
<p><b>Author</b>: How does that make a difference? I do not understand.</p>
<p><b>Uval</b>: Yes, it is only simple when you already know the answer and look at the whole idea in retrospect. Let me put it this way. Even if you cannot step out of the simulation, you can still hack it. Or could, as in our case. We hacked the universe.</p>
<p><b>Author</b>: Hacked?! What does that even mean?</p>
<p><b>Uval</b>: Well, maybe not exactly hacked, but we managed to turn on some kind of "debug mode" in it, more than once.<br /><br /><b>Author</b>: Can you elaborate?</p>
<p><b>Uval</b>: I can try. In short, there are quite a few tell-tale signs all around us. My own revelation happened when I learned about the <a href="https://en.wikipedia.org/wiki/Chronon">Chronon</a>, the quantum of time. The idea is about one century old. Robert Lévi came up with that theory in 1927, and since then it has gained weight. Piero Caldirola is the author of a compelling theory. For scholars, that is a way to simplify the description of the observed results in quantum decoherence. For a coder it is something completely different. Why would time be discrete? It only makes sense if you are using a program which is calculating certain iterations. It looks like computational cycles, don't you think?</p>
<p><b>Author</b>: Maybe... But there is a huge difference between any aspect of quantum theories and your original claim. Can we stay on topic, please? Tell me what happened.<br /></p>
<p><b>Uval</b>: Sure. As part of my freelance work, I am doing digital quantum calculus for CERN. There was an issue with the interpretation of one of the experiments. The program worked, and the experiments showed consistent results, but if we ran a real-time digital analysis of an experiment, the outcome was odd. The particle chamber would go into a weird state, where the interacting particles would suddenly "freeze" for a moment. It looked like time in the chamber would freeze, while outside of it time was still ticking. </p>
<p><b>Author</b>: How did CP&lt;R&gt; come into the picture?</p>
<p><b>Uval</b>: That's the best part. I wanted Check Point researchers to look into any problem with the code we run, to make sure it is not compromised. CERN has suffered multiple hacking attempts (some of them partially successful) over the last ten years. We wanted to be sure nobody was playing us for a fool. I called <a href="https://www.linkedin.com/in/oded-vanunu-a131283/">Oded Vanunu</a>, and his team helped us. This is where we found what we found.</p>
<p><b>Author</b>: ... not sure I understand.</p>
<p><b>Uval</b>: Our code was okay. But then the cyber security researchers found a way to freeze time without that particle chamber. In fact, we discovered a combination of events leading to a relatively short time freeze in a certain portion of space. There is also a way to define how big this bubble of frozen time is, and how to manipulate it. Time is not just freezing; you can move it forward and back at will, within certain limits. It looks like a certain chain of events "breaks" the simulation, and it goes into a limited debug mode of sorts, before recovering.</p>
<p><b>Author</b>: I am still trying to comprehend. Anyhow, why wasn't it published? Why the secrecy? Too dangerous? Military implications? Political pressure? Too crazy?</p>
<p><b>Uval</b>: Potentially, it could be all of the above, but... don't laugh... I think the main reason is that the "debug mode" vulnerability in the universe is now patched. We cannot reproduce the effect anymore. Whoever runs the simulation, they detected our experiments and blocked us for good. We are now back to square one...</p>
Valeri Loukine
Urgent - malware can affect humans! (published 2019-04-01T08:19:00.000+02:00, updated 2019-04-01T08:19:21.592+02:00)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://research.checkpoint.com/wp-content/uploads/2019/02/SimBad_blog_1021x580.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="454" data-original-width="800" height="181" src="https://research.checkpoint.com/wp-content/uploads/2019/02/SimBad_blog_1021x580.jpg" width="320" /></a></div>
<br />
<a href="https://research.checkpoint.com/" target="_blank">CP&lt;R&gt; alert, 01.04.2019</a> <br />
<br />
<a href="https://research.checkpoint.com/" target="_blank">Check Point Research Team</a> is about to release an article concerning a new and somewhat terrifying development in the world of malware. Apparently, they have discovered a strain of malware affecting not only computers and mobile devices but also humans.<br />
<br />
Similar to what is described in <a href="https://en.wikipedia.org/wiki/Snow_Crash" target="_blank">Neal Stephenson's Snow Crash</a> novel, a computer virus sends seemingly random sets of digits to the GPU, causing it to show short-timed "garbage" images between the regular frames.<br />
<br />
This is believed to be a side effect of GPU crypto-jacking attempts.<br />
<br />
Normally those images are not registered by the human mind, but if one's screen refresh rate is set to 60 frames per second, there is a risk of exposure.<br />
<br />
Our source claims that at least one of the key researchers has been affected.<br />
<br />
Symptoms can include nausea, headaches, seizures, and blackouts. In the long term, the malware can lead to psychic and personality changes, causing anti-social behaviour, addiction to loud rock and rap music, a desire to wear baseball caps, grow a beard, or ride a heavy motorcycle at high speed.<br />
<br />
If you experience any of these symptoms, contact the author of this blog for further investigation. Do not panic: the damage can be reversed, but it requires immediate attention.<br />
<br />
<br />
<br />
<br /></div>
Valeri Loukine
Future of this blog (published 2018-07-26T14:56:00.001+02:00, updated 2018-07-26T14:56:03.396+02:00)<div dir="ltr" style="text-align: left;" trbidi="on">
To all my readers, subscribers, colleagues and friends,<br />
<br />
In July this year, I have re-joined Check Point Software Technologies as a Cyber Security Evangelist. My new role is about developing and running <a href="https://community.checkpoint.com/" target="_blank">CheckMates</a> communities and live events in Europe and Asia.<br />
<br />
I started this blog as a convenient format for working notes, and then, with your support and assistance, it became much more than that. I have done my best to share my expertise, knowledge and understanding of security practices in general and the Check Point approach to addressing them in particular. I have met some of you at my workshops, seminars, training events and also at CPUG and CPX events.<br />
<br />
Now it is time to take it to the next level.<br />
<br />
I am running several Check Point related groups on LinkedIn. In my new role, I have also assumed admin role at <a href="https://community.checkpoint.com/" target="_blank">CheckMates</a>. I will be going around to meet some of you during CheckMates User Group regional events. I am already having some dates booked for this year around Europe, and there will be more.<br />
<br />
However, it is no longer practical to run this particular blog as an independent discussion board. I will keep it alive, of course. But if you want to stay in touch, please follow me on <a href="https://www.linkedin.com/in/valeriloukine/" target="_blank">LinkedIn</a> and <a href="https://community.checkpoint.com/" target="_blank">CheckMates</a>.<br />
<br />
Thanks a lot for your support and trust, that means a lot.</div>
Valeri Loukine
MalwareTech vs FBI - all shades of grey (published 2018-06-07T13:19:00.000+02:00, updated 2018-06-07T13:19:04.730+02:00)<div dir="ltr" style="text-align: left;" trbidi="on">
There is a new development in the FBI vs Marcus Hutchins case. The young fellow is now facing another charge, <a href="https://www.cyberscoop.com/marcus-hutchins-upas-kit-charges-fbi/" target="_blank">about lying to FBI</a>.<br />
<br />
Marcus's arrest and detention in the USA last year were widely publicized, and his campaign to raise money for his defence is quite successful.<br />
<br />
I do appreciate his lawyer's vigour. There is a huge outcry now about how the FBI has no case and keeps adding charges to it. This is a reasonable strategy; however, if we want to see the real picture, it is also good to hear the other side of the story.<br />
<br />
There are, of course, <a href="https://www.documentcloud.org/documents/4496027-Superseding-Indictment.html#document/p1" target="_blank">the FBI's indictment papers</a>, but they are not a fun read, and a very long one. Instead I suggest reading the quite compelling research <a href="https://krebsonsecurity.com/2017/09/who-is-marcus-hutchins/" target="_blank">Krebs did on Marcus last year</a>. If the FBI is half as good as Krebs, I would be concerned about the actual outcome of this case. It seems to me there is no black and white in this specific situation, but lots of grey in too many shades.<br />
<br />
<br /></div>
Valeri Loukine
GuardiCore scores 5 awards on RSA conference (published 2018-04-20T15:51:00.001+02:00, updated 2018-04-20T15:56:48.555+02:00)<div dir="ltr" style="text-align: left;" trbidi="on">
I am happy to share with you that <a href="http://guardicore.com/" target="_blank">GuardiCore</a> received 5 (five!) prizes at the RSA conference recently. Here is the short list:<br />
<br />
<a href="http://www.cyberdefensemagazine.com/infosec-awards-2018-winners/" target="_blank">InfoSec Magazine Awards:</a><br />
<span style="white-space: pre;"> </span><b>Cloud Security</b> - Best Product<br />
<span style="white-space: pre;"> </span><b>Microsegmentation</b> - Most Innovative<br />
<br />
<a href="http://www.infosecurityproductsguide.com/world/" target="_blank">InfoSecurity Global Excellence Awards:</a><br />
<span style="white-space: pre;"> </span><b>Innovative Company of the Year</b> (Security)<br />
<span style="white-space: pre;"> </span><b>Cloud Security</b><br />
<span style="white-space: pre;"> </span><b>Deception Based Security</b><br />
<br />
Proud to be a guardicorean!</div>
Valeri Loukine
Cloud security concerns and ways to address them (published 2018-03-30T16:22:00.000+02:00, updated 2018-03-30T16:22:03.863+02:00)<div dir="ltr" style="text-align: left;" trbidi="on">
It is common today for cloud services to be compromised for months without detection. Remember <a href="https://www.ccn.com/tesla-becomes-the-latest-big-name-crypto-jacking-victim/" target="_blank">that Tesla cloud case</a>, where hackers were able to mine Monero for at least a month before being detected? Similar things may happen to others.<br />
<br />
Today <a href="https://www.cnbc.com/2018/03/29/under-armour-stock-falls-after-company-admits-data-breach.html" target="_blank">MyFitnessPal sent a notification to its users that their accounts are compromised</a>. The hack was discovered five days ago, but the actual breach happened at least a month ago. 150 million accounts are affected.<br />
<br />
In light of GDPR coming into effect in May this year, I would expect many companies to review and eventually report personal data breaches more often.<br />
<br />
Let's face it: the cloud requires elaborate and agile security tools. It is not enough to throw an expensive FW on the perimeter anymore to feel safe. If at least one VM or container is compromised, the whole environment is pretty much a goner, unless you have the ability to detect and mitigate the penetration in time.<br />
<br />
A cloud security solution should combine elasticity, effective micro- and nano-segmentation capabilities, application integrity control and effective breach detection, to avoid a situation where attackers sit in your cloud for weeks and months without being detected.<br />
<br />
<a href="https://www.guardicore.com/workload-protection-hybrid-cloud/" target="_blank">GuardiCore Centra </a>is probably the only solution today that combines dynamic deception, reputation-based detection, effective segmentation technology and unprecedented visibility for virtualised and cloud-based data center environments.<br />
<br />
Feel free to contact me if you want to learn more.</div>
Valeri Loukine
UserCenter battle continues as Check Point account services are still failing to do their job properly (published 2018-02-10T11:03:00.002+01:00, updated 2018-02-12T12:58:39.719+01:00)<div dir="ltr" style="text-align: left;" trbidi="on">
In <a href="http://checkpoint-master-architect.blogspot.ch/2018/02/changing-jobs-brace-yourself-for-impact.html" target="_blank">my previous post</a> I already mentioned that my old account came back online. I have also received several notifications from CP account services.<br />
<br />
The first one was hilarious. They asked me to update my email with Pearson VUE before transferring my certifications that were already granted. After I asked them if this was a joke, they reported that they had transferred the certification history. Well, I had to check. Guess what...<br />
<br />
<b>Two out of 14 certificates were lost</b> in the process. Every time account services answer, they also close the open case. I have had to reopen it twice already.<br />
<br />
So far nobody has picked up <a href="http://checkpoint-master-architect.blogspot.ch/2018/02/changing-jobs-brace-yourself-for-impact.html" target="_blank">the challenge about email address change</a>. Too bad, as all this hassle could be avoided completely if I were able to change that bloody email myself.<br />
<br />
However, I would like to ask one more question. <b><i>What is wrong with account services and Check Point?</i></b> Why are they failing to perform a simple task?<br />
<br />
<b>Update: </b>The issue is finally resolved. 6 days and two escalations. For a simple email change. Fantastic job, Check Point, really well done.<br />
<br />
<br /></div>
Valeri Loukine
Changing jobs? Brace yourself for impact of losing your UserCenter access (published 2018-02-08T14:54:00.002+01:00, updated 2018-02-09T13:01:54.463+01:00)<div dir="ltr" style="text-align: left;" trbidi="on">
Probably the most annoying part of having an account with Check Point UserCenter is that you cannot change your email address.<br />
<br />
Which is, please allow me to say it plainly, <b>utterly stupid</b>.<br />
<br />
8 years ago the company I was working for, Dimension Data, went through a re-branding phase. All emails were changed from <i>'name'@'region'.didata.com</i> to <i>'name'@dimensiondata.com</i>. Considering hundreds of accounts for all company employees around the globe, the impact was huge.<br />
Old email accounts were discontinued, so to fix this, we approached Check Point with a request to re-assign logins to the new email domain. Guess what the answer was?<br />
<br />
-<i><b> No can do.</b></i><br />
<br />
So hundreds of DD engineers, sales and accounting guys have had to re-create email aliases to continue working with the Partners' portal and UserCenter. They are still using this method now, after those 8 years. It was easier to keep all the old email addresses afloat than to manually redefine tons of dependencies and details.<br />
<br />
That was about business. On a personal level there is also lots of pain. If you are changing jobs, be ready that Check Point will sever your access even if you ask them not to.<br />
<br />
In my case, I left Dimension Data at the beginning of 2018. One month before that I opened a case with account services to move my certification details, CheckMates account and UserCenter access to another email address. Once more, the answer was:<br />
<br />
-<i><b> We cannot do that. Please open a new UserCenter account and ask to move your certificates there. </b></i><br />
<br />
They have also assured me that my old account will not be closed automatically. Guess what... It is no longer working.<br />
<br />
The main implication of changing your email with UserCenter this way is that you lose your history and your CheckMates access. You will appear as a new user everywhere. You will have to wait till they figure out how to move your certification. And I suspect recovering expert access to UserCenter resources will also be a story.<br />
<br />
I do not even want to speculate why an established security company cannot figure out <b>how to change an account ID</b> <b>without killing it</b> altogether in the process.<br />
<br />
However, this is the reality we are facing today. If you are planning to change your job, make sure you download all your valid certificates and bookmark your CheckMates threads. Because you will not be able to keep all that intact after moving to another email address. Bugger...<br />
<br />
I dare Check Point admins to name me a single reason why I cannot change <b>my</b> email address on <b>my</b> account.<br />
<br />
Anybody out there up for the challenge?<br />
<br />
<br />
-----------------<br />
<b>Update:</b> My old account is operational again. Whoever is responsible, thanks a lot. The issue of transferring the access level and certification history to a new account is not yet resolved. So the challenge stands.<br />
<br />
<br />
<br />
<br />
<br />
<br /></div>
Valeri Loukine
The main cyber security questions of 2017 and the way to answer them (published 2018-02-01T09:02:00.001+01:00, updated 2018-02-01T22:47:47.272+01:00)<div dir="ltr" style="text-align: left;" trbidi="on">
At the end of 2017 I was talking to a US-based business analytics firm, and the main question they asked was <b><i>why</i></b>.<br />
<br />
<i>- Why are security budgets not growing rapidly, after all that scare with WannaCry and NotPetya? </i><br />
<i>- Why are businesses not spending more to protect themselves? Aren't they scared now? </i><br />
<i>- Why was the impact so hard, even for customers with high-end perimeter security systems?</i><br />
<i>- Why is it happening?</i><br />
<br />
<br />
Well, let's start with the easy one. Businesses <b>are </b>scared.<br />
<br />
They were scared long before the 2017 malware rampage. In 2017 they suddenly realised <b>it does not matter</b> how scared you are. They reached the limit of fear. They realised <b>it does not matter how much you spend</b> on perimeter security. It does not matter how well-known your vendor is, which part of the Gartner quadrant it occupies and how great its marketing campaign is. <b>None of it matters</b>. At the end of the day, a weak link will be found and you will be owned.<br />
<br />
So business is doing what it does best - counting money. They have switched to risk management mode. For what it's worth, backup tech budgets were raised, not firewall budgets. Additional insurance and legal protection fees are on the rise, not perimeter security budgets.<br />
<br />
The second why is also simple, but not that obvious. Perimeter security solutions today are top-notch, but they are still failing the customers. You can have all the jazz: FW, IPS, Anti-Virus, sandboxing, and you will still miss something eventually. Or even better, the business will not wait for your security cycle and will deploy something completely exposed, with, god forbid, SMB services open to the Internet.<br />
<br />
Hello, WannaCry, here is your free lunch, come and get it.<br />
<br />
In the eternal struggle between security professionals and the business, the latter always wins. Why? Think about it. It is just a matter of money. Business makes money, security spends some of it. If, from the business perspective, the cost-to-effect ratio is not getting better, additional spending is at best questionable.<br />
<br />
Yet the major security vendors are still beating the dead horse. Every conference, every vendor event includes some scare presentation about malware on the loose, hackers' success stories and slides with names and sums of damages in big red letters.<br />
<br />
Well, good luck with that.<br />
<br />
At <a href="http://guardicore.com/" target="_blank">Guardicore</a> we take an alternative route. We protect your East-West traffic, securing against lateral movement in your infrastructure. We enable the business and speed up DevOps by applying dynamic labelling as part of micro-segmentation security policies; we provide unprecedented visibility of your assets' traffic and detect intrusion attempts and anomalies in real time. On top of all that, we provide dynamic deception to lure an attacker into a honeypot, to make sure their tools and tactics are registered and blocked everywhere across the ecosystem.<br />
<br />
The new age of security is here. You do not have to be scared anymore.<br />
</div>
Valeri Loukine
Come to my session at CPX in Barcelona (published 2018-01-23T10:48:00.001+01:00, updated 2018-01-23T10:49:09.681+01:00)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcMhrYMhTKLCwzpAy3OhyphenhyphenQJLm-koZM1iIU_aPVEXdKoOOpFZiULY0vdv63jo7Xqu-qMv3MbpWA6KTMOC-7BDgifuDfCTzzV8e0Od4n1kkBxkzFJNkSf7wafyNai8EiB6J80wMOgJQi6cLf/s1600/speakers+cpx.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="451" data-original-width="1196" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcMhrYMhTKLCwzpAy3OhyphenhyphenQJLm-koZM1iIU_aPVEXdKoOOpFZiULY0vdv63jo7Xqu-qMv3MbpWA6KTMOC-7BDgifuDfCTzzV8e0Od4n1kkBxkzFJNkSf7wafyNai8EiB6J80wMOgJQi6cLf/s400/speakers+cpx.png" width="400" /></a></div>
<br />
Hi all, if you are coming to CPX 360° in Barcelona, feel free to visit my session about hybrid cloud security practices. It takes place on Thursday at 14:00 in room 116.<br />
<br />
<br /></div>
Valeri Loukine
Goodbye Check Point, Hello GuardiCore (published 2018-01-03T11:09:00.003+01:00, updated 2018-01-03T11:10:26.791+01:00)<div dir="ltr" style="text-align: left;" trbidi="on">
Today is my last day with Dimension Data. Looking back at almost 10 years of my work there, I want to say thank you to all my colleagues and friends for their support, help and assistance throughout that time.<br />
I felt appreciated and valued, and I have had many interesting projects, challenges and wins.<br />
Later this week I will board a plane to Tel Aviv to join my new company: <a href="https://www.guardicore.com/" target="_blank">GuardiCore</a>.<br />
I visited GuardiCore in September last year, while on vacation in Israel, at the invitation of <a href="https://www.guardicore.com/author/sharonguardicore-com/" target="_blank">Sharon Besser</a>. I fell instantly in love with the company, the technology and the team. At that point my departure from Dimension Data was only a question of time.<br />
I am leaving a very comfortable place to embark on a new and exciting journey. I am also giving up my 17 years of Check Point engineering for the challenging world of cloud and virtualization security.<br />
If you are concerned about your virtualized DC security, or if you are seriously considering moving to a cloud, private, hybrid or public, feel free to ask for advice. I will be happy to assist you in putting in place a brilliant and effective security solution - GuardiCore Centra.<br />
I also have to add a note about my personal projects related to Check Point.<br />
<br />
With this transition, unfortunately, I will have to put to rest <a href="https://www.facebook.com/CPExpertTalks/" target="_blank">Check Point Expert Talks</a>.<br />
<br />
This blog will remain up, and I am still deciding whether I will continue it as it is or run a spin-off for cloud security only.<br />
<br />
Your thoughts on the matter are appreciated.<br />
<br />
Anyhow, wish me luck and stay in touch. We will have yet another good ride, people. This time, to the cloud and beyond.<br />
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com6tag:blogger.com,1999:blog-7755136273253085483.post-24463243615788787132017-11-06T17:16:00.001+01:002018-08-18T14:37:12.093+02:00Kernel debug Best Practices or "Why "fw ctl zdebug..." should not be used"<div dir="ltr" style="text-align: left;" trbidi="on">
Over the last several days I have seen a rapidly growing number of posts at CPUG and CP Community where the "<span style="font-family: "courier new" , "courier" , monospace;">fw ctl zdebug...</span>" command was mentioned, used and recommended.<br />
<br />
Although some of you already know my position on the matter, I have decided to write a post about the growing habit of using <span style="font-family: "courier new" , "courier" , monospace;">zdebug</span> instead of the full <span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug</span> mechanism.<br />
<br />
<h2 style="text-align: left;">
Kernel debug in general</h2>
<br />
Check Point FW is essentially a Linux-based system with a kernel module inserted between the NIC drivers and the OS IP stack. If you do not know what I am talking about, you may want to look into <a href="https://checkpoint-master-architect.blogspot.co.uk/2015/09/the-very-first-nugget-is-published.html" target="_blank">this post with an explanatory video on the matter</a>.<br />
<br />
Extracting information about security decisions made inside the kernel is rather tricky, so Check Point developed an elaborate tool to read out information about what the various FW kernel modules are doing.<br />
<br />
In a nutshell, each kernel module has multiple debug flags that, when raised, make the code print out information about what it is doing. I have <a href="https://checkpoint-master-architect.blogspot.co.uk/search?q=debug&max-results=20&by-date=true" target="_blank">numerous posts in this blog explaining different flags, tips and tricks for kernel debug, and also providing links to CP kernel debug documents.</a><br />
<br />
<h2 style="text-align: left;">
Debug buffer</h2>
<br />
It is important to understand that the FW kernel is always printing out some debug messages. For most of the kernel modules, the error and warning flags are active, and the output goes to <span style="font-family: "courier new" , "courier" , monospace;">/var/log/messages</span> by default. This is not practical for debugging, so before starting a kernel debug session, an engineer needs to allocate a buffer which receives the debug output instead of the <span style="font-family: "courier new" , "courier" , monospace;">/var/log/messages</span> file.<br />
<br />
To do so, the following command is used: <span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug -buf XXXXX</span>, where <span style="font-family: "courier new" , "courier" , monospace;">XXXXX</span> is the buffer size in KB. The maximum possible buffer today is 32 MB (32768 KB), but I advise my students to use 99999 to make sure they get the maximum buffer possible anyway.<br />
<br />
The kernel can be very chatty, so a bigger buffer means fewer kernel messages are lost before they are read out.<br />
<br />
<h2 style="text-align: left;">
Debug modules and flags</h2>
<br />
The FW kernel is a complex structure built from multiple modules. Each module has its own flags. One can run a single debug session with multiple flags raised on several modules. To raise debug flags, one uses one or several commands of this type:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug -m (module name) (+|-) (list of flags)</span><br />
<br />
It is essential to understand that the + and - options allow you to raise and remove flags on the fly, even during an already running debug session. The list of modules and flags <a href="https://checkpoint-master-architect.blogspot.co.uk/2017/07/r8010-debug-documents-are-now-public.html" target="_blank">can be found in the R80.10 debug documents</a>.<br />
<br />
<h2 style="text-align: left;">
Printing info out of buffer</h2>
<br />
Raising flags is not enough; to actually get the information, you need to start reading the buffer out with this command:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl kdebug -f (with some options)</span><br />
<br />
There will be A LOT of information, so never do this on the console. Use an SSH session or redirect the output to a file.<br />
<br />
<h2 style="text-align: left;">
Stopping debug</h2>
<br />
Once you have collected the relevant info, you need to reset kernel debug to the default settings, otherwise your FW will continue printing out tons of unnecessary info. To do so, run<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug 0</span><br />
<br />
<h2 style="text-align: left;">
What is <span style="font-family: "courier new" , "courier" , monospace;">fw ctl zdebug</span> then?</h2>
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl zdebug</span> is <u>an internal R&D macro</u> to cut corners when developing and testing new features <u>in a sterile environment</u>. It is equivalent to the following sequence of commands:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug -buf 1024</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug (your options)</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl kdebug -f</span><br />
-------(waiting for Ctrl-C)<br />
<span style="font-family: "courier new" , "courier" , monospace;">fw ctl debug 0</span><br />
<br />
<h2 style="text-align: left;">
Why is this a problem?</h2>
<div>
<br /></div>
<div>
If you are still reading this post and have got to this line, you probably think <span style="font-family: "courier new" , "courier" , monospace;">zdebug</span> is a godsend. It simplifies so many things; it is the only way to run debug in a production environment! Right? </div>
<div>
<br /></div>
<div>
<b>Wrong</b>. To make it plain, here is the list of problematic points with this way of doing things:</div>
<div>
<br /></div>
<div>
1. <b>The buffer is way too small</b>. Lots and lots of messages may simply be lost because the 1 MB buffer does not have enough room to hold them before they are read out.</div>
<div>
2. <b>It is not flexible enough</b>. Running debug in production requires a lot of consideration and a certain amount of caution. After all, you are asking the FW kernel to do extra things, lots of them. The best practice is to start with a single flag or two and expand the area of research on the fly while trying to catch the issue. This is impossible to do with the <span style="font-family: "courier new" , "courier" , monospace;">fw ctl zdebug</span> macro.</div>
<div>
3. <b>It is too simple to use</b>. You could say, what a funny argument. Yet, let's think about it. To master kernel debug as described above, one has to understand the kernel structure, dependencies, flags and modules. You don't have to know any of that to run <span style="font-family: "courier new" , "courier" , monospace;">fw ctl zdebug drop</span>, and many people do just that. </div>
<div>
<br /></div>
<div>
My personal position on this is that kernel debug is a sensitive and risky operation. It requires an understanding of the technology and of the tool itself beforehand. Without such understanding one could miss messages, complicate things and, in some very limited cases, crash the GW under debug. The latter I have not seen for quite some time, though.</div>
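<div>
To make the difference between the two approaches concrete, here is an added example (my own, not Check Point's code and not the zdebug macro) that wraps the full procedure described above in a few shell functions: allocate the large buffer, raise flags on the fw module, drain the buffer to a file in the background with timestamps, widen the flag set on the fly without restarting the capture, and always finish with fw ctl debug 0. It assumes expert mode on the gateway with the fw CLI on PATH; the function names, the 20-second waits and the sample capture lines are mine, and setting FW=echo turns every gateway call into a dry run that only prints the command line.</div>

```shell
#!/bin/bash
# Added example (not Check Point's code): the full "fw ctl debug" workflow
# wrapped in small functions, so flags can be raised and removed on the fly
# while "fw ctl kdebug" keeps draining the buffer to a file.
# Assumptions: expert mode on the gateway, fw on PATH. FW=echo dry-runs every
# gateway call (prints the command line only), which is how to try this off-box.
FW="${FW:-fw}"
BUF_KB="${BUF_KB:-32768}"      # 32 MB, the maximum buffer mentioned in the post

dbg_prepare() {
  # Start from defaults, then allocate the big buffer instead of zdebug's 1024 KB.
  "$FW" ctl debug 0
  "$FW" ctl debug -buf "$BUF_KB"
}

dbg_flags() {
  # dbg_flags <module> <+|-> <flag>... : raise (+) or remove (-) flags at any
  # time, including while a capture is already running.
  local module="$1" op="$2"; shift 2
  case "$op" in
    +|-) ;;
    *) echo "dbg_flags: op must be + or -" >&2; return 1 ;;
  esac
  "$FW" ctl debug -m "$module" "$op" "$@"
}

dbg_capture_start() {
  # Drain the buffer to a file in the background; -T prefixes each message with
  # a timestamp. Never send this to the console: the volume is enormous.
  local out="$1"
  "$FW" ctl kdebug -T -f > "$out" 2>&1 &
  DBG_PID=$!
}

dbg_capture_stop() {
  kill "$DBG_PID" 2>/dev/null || true
  wait "$DBG_PID" 2>/dev/null || true
  "$FW" ctl debug 0            # always reset, or the kernel keeps logging
}

dbg_count_drops() {
  # dbg_count_drops <file> [host] : count drop messages in a capture, optionally
  # only those mentioning a given host.
  local file="$1" host="${2:-}"
  if [ -n "$host" ]; then
    grep -F -- "$host" "$file" | grep -c 'dropped by' || true
  else
    grep -c 'dropped by' "$file" || true
  fi
}

# Constructed sample of what a capture with the "drop" flag raised looks like;
# the format is illustrative and not copied from a real gateway.
SAMPLE_CAPTURE=';[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.5:51234 -> 192.168.1.10:443 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 10.1.1.9:53 -> 192.168.1.10:40000 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_0];[fw4_1];fw_conn_inspect: connection 10.1.1.5:51234 -> 192.168.1.10:443 accepted;'

dbg_session() {
  # Incremental workflow: start with the drop flag only, widen while capturing.
  local out="${1:-/var/log/kdebug_$(date +%s).txt}"
  dbg_prepare
  dbg_flags fw + drop
  dbg_capture_start "$out"
  sleep 20                      # reproduce the problem now
  dbg_flags fw + conn           # widen the search without restarting anything
  sleep 20
  dbg_capture_stop
  echo "capture in $out, drop messages: $(dbg_count_drops "$out")"
}

if [ "${1:-}" = "--run" ]; then
  dbg_session "${2:-}"
fi
```

Usage on a gateway: `bash kdebug.sh --run /var/log/kdebug.txt`, then inspect the file with `dbg_count_drops /var/log/kdebug.txt 10.1.1.5` and grep for the reason strings. Remember that every raised flag costs CPU on a production box, which is exactly why the session starts with a single flag.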
<div>
<br /></div>
<div>
<br /></div>
<div>
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">-----------</span></div>
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">Support <a href="https://www.facebook.com/CPExpertTalks/" style="color: #888888; text-decoration-line: none;">CPET</a> project and this blog with</span><span style="font-size: xx-small;"> your donations to <a href="https://www.paypal.me/cpvideonuggets" style="color: #33aaff; text-decoration-line: none;">https://www.paypal.me/cpvideonuggets</a> </span></div>
<br style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;" /></div>
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com9tag:blogger.com,1999:blog-7755136273253085483.post-36944811289764941142017-10-30T11:41:00.001+01:002017-10-30T11:41:39.502+01:00Check Point researches dissect IOTroops Botnet<div dir="ltr" style="text-align: left;" trbidi="on">
Check Point security research team has recently posted an <a href="https://research.checkpoint.com/iotroop-botnet-full-investigation/?utm_content=bufferbfe2c&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer" target="_blank">elaborate and impressive report about IOTroops botnet</a>.<br />
<br />
The details and depth are fascinating. Highly <a href="https://research.checkpoint.com/iotroop-botnet-full-investigation/?utm_content=bufferbfe2c&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer" target="_blank">recommended to read</a>.<br />
<br />
<br />
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com1tag:blogger.com,1999:blog-7755136273253085483.post-79794954728984351722017-10-16T10:41:00.000+02:002017-10-16T16:54:36.999+02:00Check Point is finally fixing issue with CCSM continuity, somewhat<div dir="ltr" style="text-align: left;" trbidi="on">
At the beginning of the year I was posting about CCSM continuity hiccup (<a href="http://checkpoint-master-architect.blogspot.co.uk/2017/02/ccsm-lacks-continuity-and-it-is-check.html" target="_blank">1</a>, <a href="http://checkpoint-master-architect.blogspot.co.uk/2017/02/ccsm-more-warning-signs.html" target="_blank">2</a>, <a href="http://checkpoint-master-architect.blogspot.co.uk/2017/02/check-point-breaks-silence-about-ccsm.html" target="_blank">3</a>).<br />
<br />
In a nutshell, there were two main issues:<br />
<br />
1. CP did not manage to let people with expiring CCSM certifications re-certify in time, and did not provide any grace period.<br />
2. Due to a clerical error, some people were getting 4 years of CCSM certification while others were having only 2.<br />
<br />
I have taken the liberty to contact Check Point Education Services managers and to discuss the issue. There was a rather long thread with dozens of emails back and forth, and finally in February the Check Point Certification manager <a href="http://checkpoint-master-architect.blogspot.co.uk/2017/02/check-point-breaks-silence-about-ccsm.html" target="_blank">publicly acknowledged the mentioned issue</a>.<br />
<br />
However, Check Point did not provide any solution for the matter at that time. Moreover, they have rejected my private proposal to make a one time correction of CCSM validity for all certified specialists from 2 to 4 years, that would resolve both continuity and consistency problems in one shot.<br />
<br />
This situation has undermined public trust and appeal of having the highest certification level with Check Point. Also, new partnership program does not require having any CCSMs, even for support partners. It seemed to me that the company did not have any solid strategy to develop an advanced certification at this point.<br />
<br />
In my humble opinion, CCSM is nothing but a stripped down version of older CCSE Plus certification, and cannot be even compared with flawed but very challenging CCMA exams that Check Point eventually failed as well.<br />
<br />
That said, there are signs the company is finally coming to its senses and trying to reverse the situation.<br />
<br />
At the end of September all CCSMs have received an email from Check Point Certification manager Jason Tugwell granting an extension of CCSM status for all people having their certificates expired between the beginning of 2017 and up to end of March 2018.<br />
<br />
Everyone in this group, including those whose certification has lapsed already, is granted an extension of CCSM status till the end of June 2018.<br />
<br />
Although this does not fix the discrepancy of 2 years of certification versus 4 years for some, it does cover the continuity lapse, provided that Check Point Education Services manages to develop and release a new CCSM course and exam by the second quarter of 2018.<br />
<br />
Just to make it clear,<b> the extension notice should be received by all CCSM professionals whose certification expires between January 2017 and March 2018</b>. If you are one of them but did not receive such a notice, please talk to account management at Check Point to fix it.<br />
<br />
<br />
<br />
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com5tag:blogger.com,1999:blog-7755136273253085483.post-46086202530190722362017-09-06T10:17:00.001+02:002017-09-06T10:17:53.954+02:00Your ultimate landing page for Advanced Tech Reference Guides<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
Check Point SecureKnowledge database is vast. It has hundreds of thousands of articles and documents. Sometimes, it takes a bit of effort to find there what you are looking for.<br />
<br />
Yet, it sometimes yields fantastic results. Here is something you may want to add to your bookmarks: <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doShowtechnicalreferenceguides" target="_blank">a landing page for accessing ATRGs - Advanced Technical Reference Guides</a>. <br />
<br />
So far, it has links to 36 ATRGs. Whenever you want to learn a feature in depth, this is something you want to visit.<br />
<br />
Also, it now has three new documents:<br />
<br />
<ul style="text-align: left;">
<li>ATRG: Content Awareness (CTNT) - <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk119715" rel="noopener" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; font-family: Times, "Times New Roman", serif; font-size: 15px; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk119715</a><span style="background-color: white; color: rgba(0, 0, 0, 0.85); font-family: Times, "Times New Roman", serif; font-size: 15px; white-space: pre-line;"> </span></li>
<li>ATRG: Threat Emulation - <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114806" rel="noopener" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; font-family: Times, "Times New Roman", serif; font-size: 15px; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114806</a><span style="background-color: white; color: rgba(0, 0, 0, 0.85); font-family: Times, "Times New Roman", serif; font-size: 15px; white-space: pre-line;"> </span></li>
<li>ATRG: Compliance Blade (R80.10 and above) - <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120256" rel="noopener" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; font-family: Times, "Times New Roman", serif; font-size: 15px; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk120256</a></li>
</ul>
<br />
<span style="font-family: Times, Times New Roman, serif;"><span style="background-color: white; color: rgba(0, 0, 0, 0.85); font-size: 15px; white-space: pre-line;"><br /></span></span>
<span style="color: rgba(0, 0, 0, 0.850980392156863); font-family: Times, Times New Roman, serif;"><span style="background-color: white; font-size: 15px; white-space: pre-line;">Many thanks to <a href="https://www.linkedin.com/in/sergeis/" target="_blank">Sergei Shir </a>for sharing this information.</span></span><br />
<br />
<br style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;" /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-80649292476383172122017-08-07T17:16:00.001+02:002017-08-07T17:16:03.360+02:00Capsule Docs on Mac? Forget about it...<div dir="ltr" style="text-align: left;" trbidi="on">
Last year I was writing about <a href="http://checkpoint-master-architect.blogspot.co.uk/2016/03/using-capsule-docs-app-on-mac.html" target="_blank">my rather unpleasant experience around Capsule Docs on Mac</a>. It is time to add another chapter to that story. <br />
<br />
I have made yet another attempt to use the tool on Mac. With my 10.12.6 Sierra machine it fails even more miserably than before. With the latest client (still Alpha, mind you!), I cannot even open a document.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTt9hW8aPowMVR8WOi5fGyiQwnRhxisQKe-sx7x5FD9cl4Yki3fJFMhZ8CPXizgorQUhMzM5lRc2ZnYTCjOzLCCsU-E3Zh76ZH_XUaga4OV5YHWEfshm9OKhTmROqgkfg-t9-VHqfmkyCh/s1600/Screen+Shot+2017-08-07+at+16.31.03.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="782" data-original-width="1292" height="193" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTt9hW8aPowMVR8WOi5fGyiQwnRhxisQKe-sx7x5FD9cl4Yki3fJFMhZ8CPXizgorQUhMzM5lRc2ZnYTCjOzLCCsU-E3Zh76ZH_XUaga4OV5YHWEfshm9OKhTmROqgkfg-t9-VHqfmkyCh/s320/Screen+Shot+2017-08-07+at+16.31.03.png" width="320" /></a></div>
<br />
<br />
<br />
Although I am logged in and even can open the same document on Windows with the same credentials, I am getting "Insufficient permissions"...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTe3H4M2U8pOVk3yz5R_yqpHTEiVo2hWwqF9DL2SrqFIdamqVHjPPyC6jQektEDjnb2w0hKcJpiqGwNZHxjyJ2Pdqu0xg1qZuAs7HQJFF5EUFUea3sZTdnz_iDr9_PeT1Br6HPx0ZjnMhp/s1600/Screen+Shot+2017-08-07+at+16.27.55.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="310" data-original-width="824" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTe3H4M2U8pOVk3yz5R_yqpHTEiVo2hWwqF9DL2SrqFIdamqVHjPPyC6jQektEDjnb2w0hKcJpiqGwNZHxjyJ2Pdqu0xg1qZuAs7HQJFF5EUFUea3sZTdnz_iDr9_PeT1Br6HPx0ZjnMhp/s320/Screen+Shot+2017-08-07+at+16.27.55.png" width="320" /></a></div>
<br />
<br />
How hard can it be, really? What should happen for Check Point to start taking Mac users seriously?<br />
<br />
In case you ask, the only reason for me to even touch Capsule Doc Viewer is that Check Point Education Services discontinued paper courseware, forcing both students and instructors to use e-kits with Capsule Docs protection. I will address this subject later on.<br />
<br />
<br />
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com9tag:blogger.com,1999:blog-7755136273253085483.post-342120521336206302017-07-30T18:32:00.002+02:002017-07-30T18:32:36.735+02:00CPET session 3 - video is published<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: left;">
Thanks to all who could join.<br /><br />The session subject is <b>Kernel Debug, best practices</b></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/HISRJRFdW1E/0.jpg" src="https://www.youtube.com/embed/HISRJRFdW1E?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div>
<br />
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">-----------</span></div>
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;"><a href="https://www.facebook.com/CPExpertTalks/" style="color: #888888; text-decoration-line: none;">CPET</a> project relies on your support. </span><br /><span style="font-size: xx-small;">Participate in the talks and help us with your donations to <a href="https://www.paypal.me/cpvideonuggets" style="color: #33aaff; text-decoration-line: none;">https://www.paypal.me/cpvideonuggets</a> </span></div>
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">Follow us on <a href="https://www.facebook.com/CPExpertTalks/" style="color: #888888; text-decoration-line: none;">Facebook</a> and <a href="https://twitter.com/CPExpertTalks" style="color: #888888; text-decoration-line: none;">Twitter.</a> </span></div>
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-17598467865685330872017-07-28T12:43:00.000+02:002017-07-28T12:43:11.127+02:00Do not miss CPET live session this Sunday <div dir="ltr" style="text-align: left;" trbidi="on">
<a href="http://checkpoint-master-architect.blogspot.co.uk/2017/07/cpet-session-3-it-is-on.html" target="_blank">Time and link details are here</a><br />
<br />
<br />
<br />
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-66891422439633785382017-07-26T09:24:00.003+02:002017-07-26T09:28:59.759+02:00Turning out of state drops on and off on your gateways without pushing policy<div dir="ltr" style="text-align: left;" trbidi="on">
One of the regular issues I help my customers resolve is out-of-state drops. There may be multiple causes, and those should be addressed by proper troubleshooting and network configuration changes.<br />
<br />
However, there are cases when you just need a quick fix before addressing the root cause of the problem.<br />
<br />
The classic way to do that is to change the Global Properties settings on your management server and install policy. The biggest problem with that approach is that the settings are global and will affect all FWs in the security domain after a policy push.<br />
<br />
But no worries, there is a way around it, described in <a href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk117374" target="_blank">SK117374</a>. The FW kernel has two parameters that control out-of-state drops for TCP and ICMP:<br />
<br />
<span style="background-color: white; font-family: "courier new" , "courier" , monospace; font-size: 14px;">fw_allow_out_of_state_tcp</span><br />
<span style="background-color: white; font-family: "courier new" , "courier" , monospace; font-size: 14px;">fw_allow_out_of_state_icmp</span><br />
<br />
For example, by running <span style="background-color: white; font-size: 14px;"><span style="font-family: "courier new" , "courier" , monospace;">fw ctl set int fw_allow_out_of_state_tcp 1</span></span> you can allow out-of-state TCP traffic to pass through. Setting the same parameter back to 0 will start dropping out-of-state TCP again.<br />
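Because allowing out-of-state packets weakens stateful inspection, a quick fix like this should be reversible and verifiable. Here is an added example (my own, not from SK117374 or Check Point) wrapping the two parameters in shell functions: oos_set flips both TCP and ICMP at once, oos_verify reads them back with fw ctl get int and fails if either does not match. It assumes expert mode with fw on PATH; the function names are mine, the expected output format of fw ctl get int ("name = value") is stated as an assumption in the code, and FW=echo dry-runs the gateway calls. Note that fw ctl set int changes are runtime only and revert on reboot, which is what you want for a temporary bypass.<br />

```shell
#!/bin/bash
# Added example (not Check Point's code): toggle out-of-state drops on one
# gateway at runtime and read the values back, instead of a Global Properties
# change plus policy install. Assumes expert mode with fw on PATH.
# FW=echo dry-runs every gateway call (prints the command line only).
FW="${FW:-fw}"
OOS_PARAMS="fw_allow_out_of_state_tcp fw_allow_out_of_state_icmp"

oos_parse() {
  # Extract the value from "fw ctl get int" output, assumed to look like
  # "fw_allow_out_of_state_tcp = 1" (assumption, see lead-in).
  sed -n 's/^[A-Za-z_]* *= *\([0-9]*\).*/\1/p'
}

oos_get() {
  # oos_get <param> : current value of one kernel parameter
  "$FW" ctl get int "$1" | oos_parse
}

oos_set() {
  # oos_set <0|1> : 1 lets out-of-state TCP and ICMP through (weaker),
  # 0 restores the default drops. Runtime only; gone after a reboot.
  local value="$1" p
  case "$value" in
    0|1) ;;
    *) echo "oos_set: value must be 0 or 1" >&2; return 1 ;;
  esac
  for p in $OOS_PARAMS; do
    "$FW" ctl set int "$p" "$value"
  done
}

oos_verify() {
  # oos_verify <expected> : fail unless both parameters read back as expected
  local expected="$1" p v
  for p in $OOS_PARAMS; do
    v="$(oos_get "$p")"
    if [ "$v" != "$expected" ]; then
      echo "oos_verify: $p is '$v', expected $expected" >&2
      return 1
    fi
  done
}

oos_quick_fix() {
  # Temporary bypass: allow, verify, and print the reminder to revert.
  oos_set 1 && oos_verify 1 && echo "out-of-state allowed; revert with: oos_set 0"
}
```

Usage: source the file in expert mode, run `oos_quick_fix` while you troubleshoot, and `oos_set 0 && oos_verify 0` as soon as the root cause is fixed.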
<br />
<br />
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-65830336680961904532017-07-25T16:01:00.000+02:002017-07-25T16:06:10.442+02:00R80.10 debug documents are now public<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "verdana" , sans-serif;">Check Point has published a set of new documents describing kernel modules and debug flags, SecureXL and CoreXL debug details in R80.10. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Although the documents are public, to download them you will need to log in to User Center.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><span style="background-color: white; color: rgba(0 , 0 , 0 , 0.85); white-space: pre-line;">Kernel Debug flags - R80.10
</span><a href="http://downloads.checkpoint.com/dc/download.htm?ID=56864" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">http://downloads.checkpoint.com/dc/download.htm?ID=56864</a><span style="background-color: white; color: rgba(0 , 0 , 0 , 0.85); white-space: pre-line;">
SecureXL Debug Flags - FWAccel (R80.10)
</span><a href="http://downloads.checkpoint.com/dc/download.htm?ID=56865" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">http://downloads.checkpoint.com/dc/download.htm?ID=56865</a><span style="background-color: white; color: rgba(0 , 0 , 0 , 0.85); white-space: pre-line;">
SecureXL Debug Flags - SIM (R80.10)
</span><a href="http://downloads.checkpoint.com/dc/download.htm?ID=56866" style="background: 0px 0px rgb(255, 255, 255); border: 0px; box-sizing: inherit; color: #827be9; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; vertical-align: baseline; white-space: pre-line;" target="_blank">http://downloads.checkpoint.com/dc/download.htm?ID=56866</a></span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Special thanks to <a href="https://www.linkedin.com/in/sergeis/" target="_blank">Sergei Shir</a> for this publication.</span><br />
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">-----------</span></div>
<div style="background-color: white; color: #666666; font-family: "trebuchet ms", trebuchet, verdana, sans-serif; font-size: 13.2px;">
<span style="font-size: xx-small;">Support <a href="https://www.facebook.com/CPExpertTalks/" style="color: #888888; text-decoration-line: none;">CPET</a> project and this blog with</span><span style="font-size: xx-small;"> your donations to <a href="https://www.paypal.me/cpvideonuggets" style="color: #33aaff; text-decoration-line: none;">https://www.paypal.me/cpvideonuggets</a> </span></div>
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com2tag:blogger.com,1999:blog-7755136273253085483.post-47134593775954480032017-07-23T16:18:00.001+02:002017-07-28T12:43:25.637+02:00CPET session 3 - it is on!<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
The next <a href="http://checkpoint-master-architect.blogspot.ch/search/label/CPET" target="_blank">Check Point Expert Talks</a> <a href="http://checkpoint-master-architect.blogspot.ch/2017/07/cpet-session-3-choose-topic-and-time.html" target="_blank">session</a> will take place on Sunday 30th of July at 14:00 CET. You have chosen <b><u>Kernel Debug Best Practices</u></b> as the topic.<br />
<br />
The session is limited to 100 participants. If you cannot join, a video recording will be available later on.<br />
<br />
To <a href="https://drive.google.com/file/d/0B8WRUhkhIhyrMEM1RUtjMFpIS0E/view?usp=sharing" target="_blank">put the session in your calendar, use the invitation link</a>.<br />
<br />
Otherwise, use <a href="https://zoom.us/j/5986377163" target="_blank">this link to join</a>.</div>
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-33225320813729463012017-07-10T10:11:00.000+02:002017-07-23T16:22:47.828+02:00CPET session 3 - choose the topic and time<div dir="ltr" style="text-align: left;" trbidi="on">
Do not miss the opportunity to choose what will be discussed, and when, at the third CPET live session.<br />
<br />
This time I am proposing three different subjects:<br />
<br />
1. <b>Details of Policy Installation with Check Point</b><br />
2. <b>Kernel Debugging Best Practices <span style="color: red;">- Chosen</span></b><br />
3. <b>Open Questions and Answers discussion</b><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">Note: if option 3 is chosen, I will ask you to submit questions in advance so that I can go through them. 10 minutes will be left for further discussion in any case.</span><br />
<br />
The proposed times are:<br />
<br />
1. <b>Saturday, 29th of July, 18:00 CET</b><br />
2. <b>Sunday, 30th of July, 14:00 CET </b><b><span style="color: red;">- Chosen</span></b><br />
<br />
<br />
The poll is now closed. <a href="http://checkpoint-master-architect.blogspot.ch/2017/07/cpet-session-3-it-is-on.html" target="_blank">Session details and invitation are here</a>.<br />
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-1601671567255032002017-07-07T10:08:00.000+02:002017-07-07T10:08:29.484+02:0045 day trial for Office 365 SandBlast Cloud - do not miss<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://community.checkpoint.com/thread/5267-the-blackhole-of-office-365-45-day-security-challenge" target="_blank">Check Point has just announced an unprecedented 45-day trial program</a> for <a href="https://www.checkpoint.com/products/sandblast-office365-security/" target="_blank">SandBlast Cloud</a>, designed to protect your Office 365 environment.<br />
<br />
It includes engineering support for deployment and tuning of the solution.<br />
<br />
The program is only available by request.<br />
<br />
Details are listed in <a href="https://community.checkpoint.com/thread/5267-the-blackhole-of-office-365-45-day-security-challenge" target="_blank">the CP community post</a> by <a href="https://www.linkedin.com/in/sjohnson4/" target="_blank">Stephen Johnson</a>.<br />
<br />
<br /></div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com1tag:blogger.com,1999:blog-7755136273253085483.post-50772207634421657322017-06-30T09:59:00.002+02:002017-06-30T09:59:14.653+02:00Petya.A is not a ransomware<div dir="ltr" style="text-align: left;" trbidi="on">
According to <a href="https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/" target="_blank">Kaspersky Lab</a>, the latest cyberattack known as Petya.A is <a href="https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/" target="_blank">in fact not ransomware but a destroyer (a wiper)</a>.<br />
<br />
There is no way to recover the files. </div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0tag:blogger.com,1999:blog-7755136273253085483.post-65781780483763032132017-06-25T20:08:00.002+02:002017-06-25T20:11:24.997+02:00CPET session 2 recording is out there<div dir="ltr" style="text-align: left;" trbidi="on">
Thanks to all <a href="http://checkpoint-master-architect.blogspot.ch/2017/06/cpet-session-r8010-rulebase-enforcement.html" target="_blank">for a great talk</a>. We discussed the Unified Policy, rulebase search in the GUI, and the gateway-side rulebase match process.<br />
<br />
Special thanks to <a href="https://www.linkedin.com/in/timothy-hall-cissp-5a329011/" target="_blank">Tim</a> and <a href="https://www.linkedin.com/in/tomersole/" target="_blank">Tomer</a> for joining.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/8bKIHeRegtM/0.jpg" src="https://www.youtube.com/embed/8bKIHeRegtM?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div>
</div>
Valeri Loukinehttp://www.blogger.com/profile/11915389342131738939noreply@blogger.com0