Department of Homeland Security issues security warning for VPN applications — Check Point VPNs not affected

by Lloyd Tanaka, Threat Prevention Product Marketing Manager, published April 17th 2019

On Friday April 12, The CERT Coordination Center (CERT/CC) with the US Department of Homeland Security (DHS), issued a warning of a newly discovered vulnerability affecting possibly hundreds of Virtual Private Network (VPN) applications. Check Point was one of a small handful to be unaffected by this warning.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#192371 to get details of the affected VPN applications and the problem of insecure storing of session cookies in memory and/or log files. Organizations face the risk of attackers exploiting this vulnerability to take control of an affected system.

Check Point VPN customers are not affected because of our advanced, market-leading security architecture. Check Point’s IPsec and SSL VPNs offer a number of market-leading capabilities that add safety and convenience for your remote access users, including:

• Threat prevention
• Incident analysis
• Access control
• Data security
• Compliance checking
• Multi-factor authentication

Customers using other VPNs should consult with their vendor. To help you assess your specific situation, we’ve formed a special VPN task force team to discuss your available options, including a quick migration to Check Point technology. Interested customers should contact our Incident Response team at https://www.checkpoint.com/support-services/threatcloud-incident-response/

Click Remote Access VPN for more information.