Check Point released three IPS protections that address the OpenSSL "Heartbleed" vulnerability described in CVE-2014-0160:
Protections:
TLS and DTLS Heartbeat Extension
Protection's description on Check Point advisory
This protection is an Application Control protection. It detects/blocks all Heartbeat messages, whether malicious or not. It is recommended only for customers who are OK with blocking all Heartbeat messages.
How to locate this protection in SmartDashboard:
- SmartDashboard - go to 'IPS' tab - expand 'Protections' - expand 'By Type' - expand 'Application Controls' - search for TLS and DTLS Heartbeat Extension
- SmartDashboard - go to 'IPS' tab - expand 'Protections' - expand 'By Protocol' - expand 'IPS Software Blade' - expand 'Application Intelligence' - expand 'VPN Protocols' - click on 'SSL and TLS' - find TLS and DTLS Heartbeat Extension
These three protections inspect traffic on the following ports while protecting both directions - requests from the Server to the Client and replies from the Client to the Server:
| Protocol | Port | Service |
| --- | --- | --- |
| TCP | 443 | HTTPS - HTTP over SSL |
| TCP | 465 | SMTPS - SMTP over SSL |
| TCP | 563 | NNTPS - NNTP over TLS/SSL |
| TCP | 636 | LDAPS - LDAP over TLS/SSL |
| TCP | 989 | FTPS Data - FTP Data over TLS/SSL |
| TCP | 990 | FTPS Control - FTP Control over TLS/SSL |
| TCP | 992 | Telnet over TLS/SSL |
| TCP | 993 | IMAPS - IMAP over SSL |
| TCP | 995 | POP3S - POP3 over SSL |
| TCP | 1194 | OpenVPN |
| TCP | 2484 | Oracle Database listening for SSL client |
| TCP | 5061 | SIP over TLS |
| TCP | 8443 | Apache Tomcat SSL |
| UDP | 563 | NNTPS - NNTP over TLS/SSL |
| UDP | 636 | LDAPS - LDAP over TLS/SSL |
| UDP | 4433 | OpenSSL |
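As an added example (not Check Point's code or signature logic), the sketch below shows what blocking by message type alone means for the TLS and DTLS Heartbeat Extension protection: any record whose content type is 24 (Heartbeat, RFC 6520) on an inspected port is flagged, without examining the message itself. The function names, verdict strings and sample bytes are assumptions constructed for illustration, and the input is assumed to be an already reassembled TLS or DTLS record stream.

```python
import struct

HEARTBEAT = 24  # record-layer ContentType for Heartbeat (RFC 6520)
# Inspected ports, copied from the table on this page.
TCP_PORTS = {443, 465, 563, 636, 989, 990, 992, 993, 995, 1194, 2484, 5061, 8443}
UDP_PORTS = {563, 636, 4433}

def iter_records(data, dtls=False):
    """Yield (content_type, fragment_length) per record header found in data."""
    hdr = 13 if dtls else 5  # DTLS header adds epoch (2) and sequence (6)
    off = 0
    while off + hdr <= len(data):
        ctype, major, minor = struct.unpack_from("!BBB", data, off)
        (length,) = struct.unpack_from("!H", data, off + hdr - 2)
        # TLS record versions are 3.0-3.3; DTLS versions use major byte 254.
        if not ((dtls and major == 254) or (not dtls and major == 3 and minor <= 3)):
            return  # lost record alignment or not TLS/DTLS: stop parsing
        yield ctype, length
        off += hdr + length  # a truncated final record simply ends the loop

def verdict(proto, port, payload):
    """'block' on any Heartbeat record, without looking inside the message."""
    ports = TCP_PORTS if proto == "tcp" else UDP_PORTS
    if port not in ports:
        return "not-inspected"
    for ctype, _length in iter_records(payload, dtls=(proto == "udp")):
        if ctype == HEARTBEAT:
            return "block"
    return "allow"

# Constructed sample records (not captured traffic).
# Well-formed heartbeat request: type 1, payload_length 4, payload, 16 pad bytes.
HB_BODY = b"\x01" + struct.pack("!H", 4) + b"ping" + bytes(16)
TLS_HB = b"\x18\x03\x03" + struct.pack("!H", len(HB_BODY)) + HB_BODY
TLS_APPDATA = b"\x17\x03\x03\x00\x05hello"
TLS_HANDSHAKE = b"\x16\x03\x03\x00\x04\x0e\x00\x00\x00"  # ServerHelloDone
DTLS_HB = (b"\x18\xfe\xfd" + b"\x00\x01" + bytes(6)
           + struct.pack("!H", len(HB_BODY)) + HB_BODY)

if __name__ == "__main__":
    print(verdict("tcp", 443, TLS_HB))                  # benign heartbeat
    print(verdict("tcp", 443, TLS_HANDSHAKE + TLS_HB))  # heartbeat after handshake
    print(verdict("tcp", 993, TLS_APPDATA))
    print(verdict("udp", 4433, DTLS_HB))
```

Because the verdict depends only on the record type, a standards-compliant heartbeat is blocked the same way as a malformed one, which is why the protection suits only environments that do not rely on Heartbeat.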
This solution is about products that are no longer supported and it will not be updated