Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] userc.C

To: Mike Thomi <[email protected]>, [email protected]
Subject: Re: [FW1] userc.C
From: Rafiyq Mondesir <[email protected]>
Date: Tue, 13 Mar 2001 08:11:35 -0800 (PST)
In-reply-to: <[email protected]>
Sender: [email protected]

Thanks for the tip Mike but it did not work. I uninstalled/re-installed the SecureRemote client. Then I edited the c:\ProgramFiles\CheckPoint\SecureRemote\database\userc.C file to look exactly as follows:

(

:options (

:default_key_scheme (isakmp)

:active_resolver (true)

:encrypt_db (true)
)

:gws ()

:policy_servers ()

:managers ()

)

Then I added my site, authenticated, and downloaded my topo settings. I tested and successfully verified the vpn connectivity. I opened the userc.C file only to find that adding the encrypt_db (true) line did nothing as far as encrypting the data in the file. Everything was still clear text. Perhaps I missed a step?

Mike Thomi <[email protected]> wrote:

----- Original Message -----
From:
To: "Rafiyq Mondesir"
Cc:
Sent: Saturday, March 10, 2001 10:41 PM
Subject: Re: [FW1] userc.C

>
> Hi Rafiyq,
>
> On Fre, Mär 02, 2001 at 01:15:21 -0800, Rafiyq Mondesir wrote:
> > My question is regarding the use of the userc.C file on the SecureRemote
> > Client. It seems that this file contains details about the firewall on
> > which the client is supposed to connect to in order to establish VPN
> > connectivity. Contained in the file is the DNS name and the IP address
of
> > the external and internal interfaces of the firewall. It seems to me
that
> > this information undermines the Stealth and Hiding that one may
otherwise
> > wish to implemen! t on the Firewall1VPN product. Is there another way or
an
> > alternative that would make this information "invisible" in the userc.C
file?
>
> SecuRemote needs this information to function, so that would not be
useful.
> Checkpoint could make that information encrypted (password protected), but
> that would require users to give in yet another password.
>

Hi

Add the following entry to your userc.C before starting
securemote/secureclient and adding your site:

:options (
:...
:...
:encrypt_db (true)
)
this will encrypt the entries in userc.C
=> BUT: If the user deletes this entry from userc.C and readds the site
again, the userc.C won't be encrypted.....
A better solution would be if checkpoint adds this option to the dnsinfo.C,
so the end user won't be able to change these settings...the same applies to
the other options in ":options ()"

regards,

mike

================================================ ================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices!

References:
- Re: [FW1] userc.C
  - From: "Mike Thomi" <[email protected]>

Prev by Date: [FW1] Generic Proxy in 4.1SP2
Next by Date: [FW1] Management Station Migration
Previous by thread: Re: [FW1] userc.C
Next by thread: [FW1] https redirect
Index(es):
- Date
- Thread