Check Point Provides Preemptive Protection Against Santy.C Worm.REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif. -- Check Point Customers Protected in Advance of Command Injection Vulnerability; Additional Proof Point for Proactive Protection Against Unknown Attacks Check Point Software Technologies Ltd. (Nasdaq:CHKP CHKP Check Point Software Technologies Ltd. (stock abbreviation, AMEX) ), the worldwide leader in securing the Internet, today announced that its industry-leading VPN-1(R) Next Generation(TM) with Application Intelligence and Web Intelligence(TM) together provide preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection against the Santy.C worm (also known as PhpInclude.Worm). If exploited, the Santy.C command injection vulnerability could allow Web page defacement de·face tr.v. de·faced, de·fac·ing, de·fac·es 1. To mar or spoil the appearance or surface of; disfigure. 2. To impair the usefulness, value, or influence of. 3. , data theft and execution of arbitrary code. The worm hit on December 25, 2004, but Check Point has provided a defense against this worm since December 21, 2004. PHP (PHP Hypertext Preprocessor) A scripting language used to create dynamic Web pages. With syntax from C, Java and Perl, PHP code is embedded within HTML pages for server side execution. , a widely used server-side scripting language used to create dynamic Web pages, is especially suited for Web development since it can be easily embedded into HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. . The Santy.C worm uses search engines like Google and Yahoo! to enable a remote attacker to inject malicious code into PHP scripts. Users of VPN-1 Next Generation with Application Intelligence, Web Intelligence and Connectra who implemented the December 21st SmartDefense(TM) Special Advisory (CPSA-2004-07) are automatically protected against this vulnerability. Specifically, Check Point Web Intelligence provides command injection protection by looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. system commands in forms input and in URLs. For more information on Check Point's Web Intelligence, please visit http://www.checkpoint.com/products/web_intelligence/index.html. SmartDefense is a management feature set included with Check Point firewalls and VPNs that enables customers to configure their network to proactively protect against known and unknown attacks. It provides customers with the best network- and application-level security protection for dynamic Internet threats, such as the Santy.C worm. Additionally, Check Point customers can benefit from the SmartDefense Service, which enables real-time updates and advisories that provide additional protection against these new and emerging threats. A detailed description of the threat and defense is available to subscription customers of the SmartDefense Service. For more information on the Santy.C command injection vulnerability, please see advisory CPAI-2004-69 at www.checkpoint.com/defense/advisories/public/2004/cpai-2004-69.html. About Check Point SmartDefense Service SmartDefense Advisories are included with the SmartDefense Service and are available to licensed customers. The SmartDefense Service capabilities are available for Check Point products including VPN-1 Pro(TM), Check Point Express(TM), InterSpect(TM), Web Intelligence(TM) and Connectra(TM). About Check Point Software Check Point Software Technologies Ltd. (www.checkpoint.com) is the worldwide leader in securing the Internet. It is the confirmed market leader of both the worldwide VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. and firewall markets. Through its Next Generation product line, the company delivers a broad range of intelligent Perimeter, Internal and Web security solutions that protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. The company's Zone Labs (www.zonelabs.com) division is one of the most trusted brands in Internet security, creating award-winning endpoint security solutions that protect millions of PCs from hackers, spyware and data theft. Extending the power of the Check Point solution is its Open Platform for Security (OPSEC (OPerations SECurity) The U.S. military term for concealing critical information as part of a counterintelligence plan. A form of "security by obscurity," OPSEC determines what information adversaries can obtain or piece together from observation and to provide measures for ), the industry's framework and alliance for integration and interoperability with "best-of-breed" solutions from over 350 leading companies. Check Point solutions are sold, integrated and serviced by a network of more than 2,300 Check Point partners in 92 countries. (C)2004 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, ClusterXL, ConnectControl, Connectra, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FireWall-1 XL, FloodGate-1, INSPECT, INSPECT XL, InterSpect, IQ Engine, Open Security Extension, OPSEC, Provider-1, Safe@Office, SecureKnowledge, SecurePlatform, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. Network Extender See Media Center Extender, bus extender and DOS extender. , UAM UAM Universidad Autónoma de Madrid (Spain) UAM Universidad Autonoma Metropolitana (México) UAM Uniwersytet im. , User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX (Verification Suite for X/Open) A testing procedure from X/Open that verifies compliance with their endorsed standards. VSX3 has over 5,500 tests for compliance with XPG3. See XPG. VSX - Verification Suite for X/open. , Web Intelligence, TrueVector, ZoneAlarm, Zone Alarm Pro, Zone Labs, the Zone Labs logo, AlertAdvisor, Cooperative Enforcement, IMsecure, Policy Lifecycle Management, Zone Labs Integrity and Smarter Security are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726 and 6,496,935 and may be protected by other U.S. Patents, foreign patents, or pending applications. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion