|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] userc.C
Thanks for the tip Mike but it did not work. I uninstalled/re-installed the SecureRemote client. Then I edited the c:\ProgramFiles\CheckPoint\SecureRemote\database\userc.C file to look exactly as follows:
(
:options (
:default_key_scheme (isakmp)
:active_resolver (true)
:encrypt_db (true) )
:gws ()
:policy_servers ()
:managers ()
)
Then I added my site, authenticated, and downloaded my topo settings. I tested and successfully verified the vpn connectivity. I opened the userc.C file only to find that adding the encrypt_db (true) line did nothing as far as encrypting the data in the file. Everything was still clear text. Perhaps I missed a step?
R.
Mike Thomi <[email protected]> wrote:
----- Original Message ----- From: To: "Rafiyq Mondesir" Cc: Sent: Saturday, March 10, 2001 10:41 PM Subject: Re: [FW1] userc.C
> > Hi Rafiyq, > > On Fre, Mär 02, 2001 at 01:15:21 -0800, Rafiyq Mondesir wrote: > > My question is regarding the use of the userc.C file on the SecureRemote > > Client. It seems that this file contains details about the firewall on > > which the client is supposed to connect to in order to establish VPN > > connectivity. Contained in the file is the DNS name and the IP address of > > the external and internal interfaces of the firewall. It seems to me that > > this information undermines the Stealth and Hiding that one may otherwise > > wish to implemen!
t on the Firewall1VPN product. Is there another way or an > > alternative that would make this information "invisible" in the userc.C file? > > SecuRemote needs this information to function, so that would not be useful. > Checkpoint could make that information encrypted (password protected), but > that would require users to give in yet another password. >
Hi
Add the following entry to your userc.C before starting securemote/secureclient and adding your site:
:options ( :... :... :encrypt_db (true) ) this will encrypt the entries in userc.C => BUT: If the user deletes this entry from userc.C and readds the site again, the userc.C won't be encrypted..... A better solution would be if checkpoint adds this option to the dnsinfo.C, so the end user won't be able to change these settings...the same applies to the other options in ":options ()"
regards,
mike
================================================
================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices!
|
|